EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 32024L1619

Directive (EU) 2024/1619 of the European Parliament and of the Council of 31 May 2024 amending Directive 2013/36/EU as regards supervisory powers, sanctions, third-country branches, and environmental, social and governance risksText with EEA relevance.

PE/79/2023/REV/1

OJ L, 2024/1619, 19.6.2024, ELI: http://data.europa.eu/eli/dir/2024/1619/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document In force

ELI: http://data.europa.eu/eli/dir/2024/1619/oj

European flag

Official Journal
of the European Union

EN

L series


2024/1619

19.6.2024

DIRECTIVE (EU) 2024/1619 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 31 May 2024

amending Directive 2013/36/EU as regards supervisory powers, sanctions, third-country branches, and environmental, social and governance risks

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 53(1) thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Central Bank (1),

Acting in accordance with the ordinary legislative procedure (2),

Whereas:

(1)

The purpose of the amendments to Directive 2013/36/EU of the European Parliament and of the Council (3) in connection with supervisory powers, sanctions, third-country branches, and environmental, social and governance (ESG) risks is to further the harmonisation of the banking supervisory framework and, ultimately, deepen the internal market for banking. Competent authorities should seek to ensure that the supervisory framework is applied to institutions, as defined in that Directive, in a proportionate manner and, in particular, they should aim to reduce compliance and reporting costs for small and non-complex institutions to the extent possible, having due regard to the recommendations set out in the report entitled ‘Study of the cost of compliance with supervisory reporting requirements’ published by the European Supervisory Authority (European Banking Authority) (EBA) established by Regulation (EU) No 1093/2010 of the European Parliament and of the Council (4) in 2021, which targeted an average reduction of reporting costs of 10 % to 20 %.

(2)

Competent authorities, their members of staff and the members of their governance bodies should be independent and free from political and economic influence. Risks of conflicts of interest undermine the integrity of the Union financial system and harm the goal of an integrated banking and capital markets union. Directive 2013/36/EU should lay down more detailed provisions for Member States to ensure that the competent authorities, including their members of staff and the members of their governance bodies, act independently and objectively. In that context, minimum requirements should be laid down to prevent conflicts of interest and limit ‘revolving doors’, providing, in particular, for cooling-off periods, a prohibition on trading instruments issued by supervised entities, and a maximum tenure period for relevant members of governance bodies. EBA should issue guidelines addressed to competent authorities on the prevention of conflicts of interest which are based on international best practices.

(3)

Members of staff and members of the competent authority’s governance body subject to cooling-off periods should be entitled to appropriate compensation, the purpose of which should be to compensate them for the inability to take up employment, for a certain period, with entities in relation to which those cooling-off restrictions apply. The compensation should be proportionate to the length of the relevant cooling-off period and its form should be decided by each Member State.

(4)

Supervisors should act with the utmost integrity in the exercise of their supervisory functions. In order to increase transparency and ensure high ethical standards, it is appropriate for members of staff and members of the competent authority’s governance body to submit a declaration of interests on an annual basis. That declaration should disclose information on the member’s holdings of financial instruments in order to reduce the risks arising from conflicts of interest that might result from those holdings and to allow competent authorities to manage such risks appropriately. A declaration of interests should be without prejudice to any requirement to submit a wealth declaration under applicable national rules.

(5)

The provision of core banking services listed in Annex I, points 1, 2 and 6, to Directive 2013/36/EU should be made conditional on an explicit and harmonised authorisation requirement in Union law, specifying that undertakings established in a third country which seek to provide such core banking services in the Union should at least establish a branch in a Member State and that such branch should be authorised in accordance with Union law, unless the undertaking wishes to provide banking services in the Union through a subsidiary.

(6)

The consumption of banking services outside the Union, as in the context of the World Trade Organisation Understanding on commitments in financial services, is to remain unaffected. The requirement to establish a branch in the Union should not apply to cases of reverse solicitation, that is where a client or counterparty approaches an undertaking established in a third country at its own exclusive initiative for the provision of banking services, including their continuation, or banking services closely related to those originally solicited. When transposing this Directive, Member States should be able to take measures to preserve clients’ acquired rights under existing contracts. Such measures should apply solely for the purpose of facilitating the transition to implementation of this Directive, and should be narrowly framed to avoid instances of circumvention. To prevent the circumvention of the rules applicable to the cross-border provision of banking services by third-country undertakings, competent authorities should be able to monitor the provision of those services. The requirement to establish a branch in the Union should also not apply to interbank and interdealer transactions. In addition, without prejudice to the authorisation regime provided for in Directive 2014/65/EU of the European Parliament and of the Council (5) and in Regulation (EU) No 648/2012 of the European Parliament and of the Council (6), the requirement to establish a branch should not apply to cases where third-country credit institutions provide in the Union the investment services and activities listed in Annex I, Section A, to Directive 2014/65/EU and any accommodating ancillary services, such as related deposit taking or the granting of credit or loans the purpose of which is to provide services under that Directive, including the provision of trading of financial instruments services or private wealth management. Nonetheless, such exemption should take into account compliance with anti-money laundering and counter-terrorist financing rules as laid down in Directive (EU) 2015/849 of the European Parliament and of the Council (7).

(7)

Competent authorities should have the necessary power to withdraw the authorisation granted to a credit institution where such a credit institution has been determined as failing or likely to fail, there is no reasonable prospect that any alternative private sector measures or supervisory action would prevent a failure of such a credit institution within a reasonable timeframe and a resolution action is not necessary in the public interest. In such a situation, a credit institution should be wound up in accordance with the applicable national insolvency proceedings, or with other types of proceedings laid down for those institutions under national law, which would ensure its orderly exit from the market, and should therefore discontinue the activities for which the authorisation had been granted. However, there should be no automatic link between the failing or likely to fail determination and the withdrawal of the authorisation, as for other cases where the competent authority is entitled to withdraw the authorisation. Competent authorities should exercise their powers in a manner that is proportionate and that takes into consideration the features of the applicable national insolvency proceedings, including existing judicial procedures. The power to withdraw the authorisation should not be used to prevent the opening, or force the termination, of insolvency proceedings, such as the application of a judicial moratorium or other measures which are conditional upon an active licence.

(8)

Financial holding companies and mixed financial holding companies that are parent undertakings of banking groups should remain subject to the identification and approval mechanism introduced by Directive (EU) 2019/878 of the European Parliament and of the Council (8). That mechanism enables competent authorities to bring certain financial holding companies and mixed financial holding companies under the direct scope of their supervision and of their supervisory powers pursuant to Directive 2013/36/EU and Regulation (EU) No 575/2013 of the European Parliament and of the Council (9) to ensure compliance on a consolidated basis. Under specific circumstances, competent authorities should have the discretion to exempt from approval a financial holding company or mixed financial holding company set up for the purpose of holding participations in undertakings. In addition, to cater for the specificities of certain banking groups, the consolidating supervisor should be able to allow financial holding companies or mixed financial holding companies which are exempted from approval to be excluded from the perimeter of consolidation of a banking group. However, the power to exclude those entities from the perimeter of consolidation of a banking group should only be exercised in exceptional circumstances, where all the conditions set out in the applicable law are complied with and, to that end, the banking group concerned should demonstrate that the holding entity that should be excluded is not involved in, or relevant for, the management of that banking group.

(9)

Supervisors of credit institutions should have all the necessary powers that enable them to perform their duties and that cover the various operations conducted by the supervised entities. To that end and to increase the level playing field, supervisors should have at their disposal all the supervisory powers enabling them to cover the material operations that can be undertaken by the supervised entities. The competent authorities should therefore be notified if material operations undertaken by a supervised entity, including acquisitions by supervised entities of material holdings in financial or non-financial sector entities, material transfers of assets and liabilities from or to supervised entities, and mergers and divisions involving supervised entities, raise concerns over that entity’s prudential profile, or over possible money laundering or terrorist financing activities. Furthermore, the competent authorities should have the power to intervene in cases of acquisitions of material holdings, mergers or divisions.

(10)

In order to ensure proportionality and avoid undue administrative burden, the additional powers of competent authorities should only apply to operations deemed material. Only operations consisting in mergers or divisions should be treated automatically as material operations, as the newly created entity can be expected to present a significantly different prudential profile from the entities initially involved in the merger or division. Also, mergers or divisions should not be concluded by entities undertaking them before a prior positive opinion is received from the competent authorities. Acquisitions of holdings, when considered material, should be assessed by the competent authority concerned, based on a tacit approval procedure.

(11)

In order to ensure that competent authorities are able to intervene before a material operation is undertaken, they should be notified in advance. That notification should be accompanied by information necessary for the competent authorities to assess the proposed operation from a prudential and anti-money laundering and counter-terrorist financing perspective. That assessment by competent authorities should commence at the moment of the receipt of the notification including all the requested information. In the case of the acquisition of a material holding, or where the proposed operation involves only financial stakeholders from the same group, that assessment should be limited in time.

(12)

In the case of the acquisition of a material holding, the conclusion of the assessment could lead the competent authority to decide to oppose to the operation. In the absence of opposition from the competent authority within a given period, the operation should be deemed approved.

(13)

It is necessary to align provisions related to the acquisition of a qualifying holding in a credit institution with provisions on the acquisition of a material holding by an institution, in case both assessments have to be undertaken for the same operation. Without proper alignment, those provisions could lead to inconsistencies in the assessment undertaken by competent authorities and, ultimately, in the decisions taken by them.

(14)

Concerning mergers and divisions, Directive (EU) 2017/1132 of the European Parliament and of the Council (10) lays down harmonised rules and procedures, in particular for cross-border mergers and divisions of limited liability companies. Therefore, the assessment procedure by the competent authorities provided for in this Directive should be complementary to the procedure laid down in Directive (EU) 2017/1132 and should not contradict any of its provisions. In the case of those cross-border mergers and divisions which fall under the scope of Directive (EU) 2017/1132, the reasoned opinion issued by the competent authority should be part of the assessment of the compliance with all relevant conditions and the proper completion of all procedures and formalities required for the pre-merger or pre-division certificate. The reasoned opinion should therefore be transmitted to the designated national authority responsible for issuing the pre-merger or pre-division certificate under Directive (EU) 2017/1132.

(15)

In some situations, for instance when entities established in various Member States are involved, operations might require multiple notifications and assessments from different competent authorities, and therefore require efficient cooperation among those authorities. It is therefore necessary to specify cooperation obligations, in particular early cross-border notifications, smooth exchange of information, including with authorities responsible for anti-money laundering or counter-terrorist financing, and coordination in the assessment process.

(16)

EBA should be mandated to develop draft regulatory technical standards, draft implementing technical standards and guidelines to ensure an appropriate framing of the use of the additional supervisory powers. Those draft regulatory technical standards and draft implementing technical standards should, in particular, specify the information to be received by the competent authorities, the elements to be assessed, and the cooperation required where more than one competent authority is involved. Those various elements are crucial to ensuring that a sufficiently harmonised supervisory methodology allows provisions on the additional powers to be implemented efficiently, with the minimum possible additional administrative burden.

(17)

The regulation of branches established by undertakings in a third country to provide banking services in a Member State is subject to national law and only harmonised to a very limited extent by Directive 2013/36/EU. While third-country branches have a significant and increasing presence in Union banking markets, they are currently subject only to very general information requirements, but not to any Union-level prudential standards or supervisory cooperation arrangements. The complete absence of a common prudential framework leads to third-country branches being subject to disparate national requirements of varying levels of prudence and scope. Furthermore, competent authorities lack comprehensive information and the necessary supervisory tools to properly monitor the specific risks created by third-country groups operating in one or more Member States through branches and subsidiaries. There are currently no integrated supervisory arrangements in relation to them and the competent authority responsible for the supervision of each branch of a third-country group is not obliged to exchange information with the competent authorities supervising the other branches and subsidiaries of the same group. Such a fragmented regulatory landscape creates risks to financial stability and market integrity in the Union and should be properly addressed through a harmonised regulatory framework on third-country branches. Such a framework should comprise minimum common requirements on authorisation, prudential standards, internal governance, supervision and reporting. That set of requirements should build on those that Member States already apply to third-country branches in their territories and should take into account similar or equivalent requirements that third countries apply to foreign branches, in order to ensure consistency between Member States and align the Union’s regulatory framework for third-country branches with the prevailing international practices in this field.

(18)

When authorising and supervising third-country branches, competent authorities should be able to exercise their supervisory functions effectively. To that end they need to have access to all the necessary information on the third-country branch’s head undertaking from the supervisory authorities of the relevant third country and be able to effectively coordinate their supervisory activities with those of the third country’s supervisory authorities. Before a third-country branch commences its activities in a Member State, competent authorities should endeavour to conclude an agreement with the supervisory authority of the third country concerned to enable cooperation and information exchange. Such an agreement should be based on the model administrative arrangements developed by EBA in accordance with Article 33(5) of Regulation (EU) No 1093/2010. Competent authorities should submit information about such agreements to EBA. Where the conclusion of an administrative agreement on the basis of the model developed by EBA is not possible, competent authorities should be able to use other arrangements, for example an exchange of letters, to ensure that they can exercise their supervisory functions.

(19)

For reasons of proportionality, the minimum requirements imposed on third-country branches should be relative to the risk that they pose to financial stability and market integrity in the Union and the Member States. Third-country branches should, therefore, be classified as either class 1, where they are deemed riskier, or, otherwise, as class 2, where they are considered to be small and non-complex and not to pose a significant financial stability risk, consistent with the definition of ‘small and non-complex institution’ in Regulation (EU) No 575/2013. Accordingly, third-country branches with booked assets in a Member State in an amount equal to or greater than EUR 5 billion should be regarded as posing such a higher risk due to their larger size and complexity, because their failure could lead to a significant disruption of the banking services market or the banking system of the Member State. Third-country branches authorised to accept retail deposits should similarly be regarded as riskier regardless of their size where the amount of such retail deposits exceeds a certain threshold, insofar as their failure could affect highly vulnerable depositors and could lead to a loss of confidence in the safety and soundness of the banking system of the Member State and its ability to protect citizens’ savings. Both types of third-country branch should, therefore, be classified as class 1 third-country branches.

(20)

Third-country branches should also be classified as class 1 where the head undertaking is subject to regulation and the oversight and implementation of that regulation are not determined to be at least equivalent to what is required by Directive 2013/36/EU and Regulation (EU) No 575/2013, or where the relevant third country is listed as a high-risk third country that has strategic deficiencies in its anti-money laundering and counter-terrorist financing regime in accordance with Directive (EU) 2015/849. Those third-country branches pose a significant risk to financial stability in the Union and the Member State of establishment because the regulatory or anti-money laundering and counter-terrorist financing frameworks that apply to their head undertaking fail to adequately capture or fail to permit the proper monitoring of the specific risks that arise from the activities conducted by the branch in the Member State, or of the risks to counterparties in the Member State that arise from the third-country group. For the purpose of determining the equivalence of the third country’s banking prudential and supervisory standards to the Union’s standards, the Commission should be able to instruct EBA to conduct an assessment and issue a report on the relevant third country’s banking regulatory framework in accordance with Article 33 of Regulation (EU) No 1093/2010. EBA should ensure that the assessment is conducted in a rigorous and transparent manner and in accordance with a sound methodology. Furthermore, EBA should also consult and cooperate closely with the third country’s supervisory authorities, the government departments in charge of its banking regulation and, where appropriate, private sector parties, endeavouring to treat those parties fairly and to give them the opportunity to submit documentation and make representations within reasonable timeframes. Furthermore, EBA should ensure that the report issued is adequately reasoned, sets out a detailed description of the matters assessed and is delivered within a reasonable timeframe. In order to ensure uniform conditions for the implementation of this Directive, implementing powers should be conferred on the Commission to adopt decisions on the equivalence of the banking regulatory frameworks of third-country branches. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (11).

(21)

Competent authorities should have an explicit power to require, on a case-by-case basis, that third-country branches apply for authorisation in accordance with Title III, Chapter 1 of Directive 2013/36/EU, at a minimum where those branches engage in activities with clients or counterparties in other Member States in breach of the internal market rules, where they pose a significant risk to the financial stability of the Union or of the Member State where they are established or where the aggregate amount of the assets of all third-country branches in the Union which belong to the same third-country group is equal to or greater than EUR 40 billion or the amount of the third-country branch’s assets in the Member State where it is established is equal to or greater than EUR 10 billion. Moreover, competent authorities should be required to assess whether third-country branches have systemic importance where the aggregate amount of the assets of all third-country branches in the Union which belong to the same third-country group is equal to or greater than EUR 40 billion. All third-country branches that belong to the same third-country group established in one Member State or across the Union should be subject to such assessment by their respective competent authorities. That assessment should examine, in accordance with specific criteria, whether those branches pose an analogous level of risk to the financial stability of the Union or its Member States as institutions defined as ‘systemically important’ under Directive 2013/36/EU and Regulation (EU) No 575/2013. Where competent authorities conclude that the third-country branches are systemically important, they should impose requirements on those branches that are appropriate to mitigate risks to financial stability. For those purposes, competent authorities should be able to require third-country branches to apply for authorisation as subsidiary institutions under Directive 2013/36/EU in order to continue conducting banking activities in the Member State or across the Union. Moreover, competent authorities should be able to impose other requirements, in particular an obligation to restructure third-country branches’ assets or activities in the Union so that those branches cease to have systemic importance, or a requirement to comply with additional capital, liquidity, reporting or disclosure requirements, where that would be sufficient to address the risks to financial stability. Competent authorities should have the possibility not to impose any of those requirements on third-country branches assessed as having systemic importance, in which case they should provide a reasoned notification to EBA and the competent authorities of the Member States where the relevant third-country group has established other third-country branches or subsidiary institutions. In order to consider the Union-wide implications, competent authorities which decide to exercise their power to require the authorisation as a subsidiary institution should, in advance, consult EBA and the competent authorities concerned.

(22)

To promote the consistency of supervisory decisions regarding a third-country group that has branches and subsidiaries across the Union, competent authorities should, when performing the assessment of systemic importance, consult EBA and competent authorities of the Member States where the relevant third-country group has established other third-country branches or subsidiary institutions, in order to assess the financial stability risks that the relevant third-country branch might pose for Member States other than the Member State where it is established.

(23)

Competent authorities should conduct regular reviews of third-country branches’ compliance with relevant requirements under Directive 2013/36/EU, and impose supervisory measures on those branches to ensure or restore compliance with those requirements. To facilitate the effective supervision of compliance with those requirements by third-country branches and to allow for a comprehensive overview of third-country groups’ activities within the Union, common supervisory and financial reporting should be made available to competent authorities in accordance with standardised templates. EBA should be mandated to develop draft implementing technical standards setting out those templates. Furthermore, in order to ensure that all the activities of third-country groups operating in the Union through third-country branches are subject to comprehensive supervision, to prevent the requirements applicable to those groups under Union law from being circumvented and to minimise potential risks to financial stability in the Union, it is necessary to implement appropriate cooperation arrangements between competent authorities. In particular, class 1 third-country branches should be included within the scope of the colleges of supervisors of third-country groups in the Union. Where such a college does not yet exist, competent authorities should set up an ad hoc college for all class 1 third-country branches of the same group where that group operates in more than one Member State.

(24)

The Union framework for third-country branches should be applied without prejudice to the discretion that Member States currently have to require on a general basis that third-country undertakings from certain third countries conduct banking activities in their territory solely through subsidiary institutions authorised in accordance with Title III, Chapter 1 of Directive 2013/36/EU. That requirement might refer to third countries that apply banking prudential and supervisory standards that are not equivalent to the standards under the Member State’s national law or to third countries that have strategic deficiencies in their anti-money laundering and counter-terrorist financing regime.

(25)

Notwithstanding currently applicable secrecy rules, information exchange between competent authorities and tax authorities should be improved. The exchange of information should, in any event, be in accordance with national law and, where the information originates in another Member State, agreement for disclosure should be reached between the relevant competent authorities.

(26)

It is crucial that institutions, financial holding companies and mixed financial holding companies comply with the prudential requirements to ensure their safety and soundness and preserve the stability of the financial system, both at the level of the Union as a whole and in each Member State. Therefore, the European Central Bank (ECB) and national competent authorities should have the power to take timely and decisive measures where those institutions, financial holding companies and mixed financial holding companies and their effective managers fail to comply with the prudential requirements or supervisory decisions.

(27)

To ensure a level playing field in the area of sanctioning powers, Member States should be required to provide for effective, proportionate and dissuasive administrative penalties, periodic penalty payments and other administrative measures in respect of breaches of national provisions transposing Directive 2013/36/EU and breaches of Regulation (EU) No 575/2013 or decisions taken by a competent authority on the basis of those provisions or that Regulation. Those administrative penalties, periodic penalty payments and other administrative measures should meet certain minimum requirements, including the minimum powers that should be vested in competent authorities to be able to impose them, the criteria that competent authorities should take into account in their application, publication requirements or the levels of administrative penalties and periodic penalty payments. EBA should be mandated to report on the cooperation between competent authorities in the context of the application of administrative penalties, periodic penalty payments and other administrative measures.

(28)

Member States should be able to impose administrative penalties where the relevant breach is also subject to national criminal law. Competent authorities should have regard to any previous criminal penalties that have been imposed for the same breach on the natural or legal person responsible for that breach when determining the type of administrative penalties or other administrative measures and the level of administrative pecuniary penalties. This is to ensure that the severity of all the administrative penalties and other administrative measures imposed for punitive purposes in the case of an accumulation of administrative and criminal proceedings arising from the same wrongful conduct is limited to what is necessary in view of the seriousness of the breach concerned. To that end, Member States should put in place appropriate mechanisms to ensure that competent authorities and judicial authorities are duly informed, in a timely manner, of any administrative or criminal proceedings initiated against the same natural or legal person.

(29)

Administrative pecuniary penalties should have a deterrent effect in order to prevent the natural or legal person in breach of national provisions transposing Directive 2013/36/EU or in breach of Regulation (EU) No 575/2013 from engaging in the same or similar conduct in the future. Administrative pecuniary penalties on legal persons should be applied consistently, in particular as regards the determination of the maximum amount of such penalties, which should take into account the total annual net turnover of the relevant undertaking. However, total annual net turnover within the meaning of Directive 2013/36/EU is currently neither exhaustive nor sufficiently clear to ensure a level playing field in the application of administrative pecuniary penalties. To ensure a consistent calculation throughout the Union, Directive 2013/36/EU should provide for a list of elements to be included in the calculation of the total annual net turnover.

(30)

In addition to administrative pecuniary penalties, competent authorities should be empowered to impose periodic penalty payments on institutions, financial holding companies, mixed financial holding companies and on those members of the management body in its management function, senior management, key function holders, other material risk takers and any other natural persons who are identified as responsible, in accordance with national law, for the breach of the obligation to comply with national provisions transposing Directive 2013/36/EU, or with their obligations under Regulation (EU) No 575/2013 or under a decision taken by a competent authority on the basis of those provisions or that Regulation. Member States should lay down specific rules and effective mechanisms regarding the application of periodic penalty payments. Periodic penalty payments should be imposed where a breach is continuing. Without prejudice to the procedural rights of the affected persons under applicable law, including the right of those persons to be heard, competent authorities should be able to impose periodic penalty payments without having to address a prior request, order or warning to the party in breach requiring a return to compliance. Since the purpose of the periodic penalty payments is to compel natural or legal persons to terminate an ongoing breach, the application of periodic penalty payments should not prevent competent authorities from imposing subsequent administrative penalties for the same breach. It should be possible for periodic penalty payments to be imposed on a given date and to start applying at a later date. Unless otherwise provided for by Member States, periodic penalty payments should be calculated on a daily basis.

(31)

In order to ensure the greatest possible scope for action following a breach and to help prevent further breaches, irrespective of whether such breaches are subject to an administrative penalty or other administrative measure under national law, Member States should be able to provide for additional administrative penalties and a higher level of administrative pecuniary penalties and periodic penalty payments.

(32)

When imposing periodic penalty payments, a competent authority should take into account the potential impact of the periodic penalty payment on the financial situation of the natural or legal person in breach and seek to avoid a situation where the penalty would cause the natural or legal person in breach to become insolvent or lead to serious financial distress or would represent a disproportionate percentage of the annual income of the natural person or of the total annual turnover of the legal person. Competent authorities should also ensure that periodic penalty payments are applied to the members of the management body, senior management, key function holders, other material risk takers and to any other natural persons who are identified as being directly responsible for the breach, either individually or collectively.

(33)

In exceptional circumstances, where the legal system of the Member State does not allow the imposition of the administrative penalties provided for in this Directive, it should be possible to exceptionally apply the rules on administrative penalties in such a manner that the penalty is initiated by the competent authority and imposed by a judicial authority. Nevertheless, it is necessary for those Member States to ensure that the application of such rules and penalties has an effect equivalent to the administrative penalties imposed by the competent authorities. The penalties provided for should therefore be effective, proportionate and dissuasive.

(34)

In order to provide for appropriate sanctions for breaches of national provisions transposing Directive 2013/36/EU and for breaches of Regulation (EU) No 575/2013, the list of breaches subject to administrative penalties, periodic penalty payments and other administrative measures should be supplemented. Therefore, the list of breaches set out in Directive 2013/36/EU should be amended.

(35)

Following the introduction of International Financial Reporting Standard 9 Financial Instruments (IFRS 9) on 1 January 2018, the outcome of the expected credit losses calculations, which is based on modelling approaches, directly affects the amount of own funds and the regulatory ratios of institutions. The same modelling approaches are also the basis for the expected credit losses calculation where institutions apply national accounting frameworks. As a result, it is important that competent authorities and EBA have a clear view of the impact that those calculations have on the range of values for risk-weighted assets and own funds requirements that arise for similar exposures. To that end, the benchmarking exercise should also cover those modelling approaches. Given that institutions calculating own funds requirements in accordance with the standardised approach for credit risk may also use models for the calculation of expected credit losses within the IFRS 9 framework, those institutions should also be included in the benchmarking exercise, taking into account the principle of proportionality.

(36)

Regulation (EU) 2019/876 of the European Parliament and of the Council (12) amended Regulation (EU) No 575/2013 by introducing a revised market risk framework developed by the Basel Committee on Banking Supervision. The alternative standardised approach that is part of that new framework allows institutions to model certain parameters used in the calculation of risk-weighted assets and own funds requirements for market risk. It is therefore important for competent authorities and EBA to have a clear view of the range of values for risk-weighted assets and own funds requirements that arise for similar exposures not only under the alternative internal model approach, but also under the alternative standardised approach. As a result, the market risk benchmarking exercise should cover the revised standardised and internal model approaches, taking into account the principle of proportionality.

(37)

The global transition towards a sustainable economy as enshrined in the Paris Agreement (13), adopted on 12 December 2015 under the United Nations Framework Convention on Climate Change (the ‘Paris Agreement’), and the United Nations 2030 Agenda for Sustainable Development will require a profound socio-economic transformation and will depend on the mobilisation of significant financial resources from the public and private sectors. The European Green Deal, introduced by the Commission in its communication of 11 December 2019, commits the Union to becoming climate-neutral by 2050. The financial system has a relevant role to play in supporting that transition, which relates not only to capturing and supporting the opportunities that will arise but also to properly managing the risks that it may entail. As those risks can have implications for the stability of both individual institutions and the financial system as a whole, an enhanced regulatory prudential framework that better integrates the related risks is necessary.

(38)

The unprecedented scale of transition towards a sustainable, climate-neutral and circular economy will have considerable impacts on the financial system. In 2018, the Network of Central Banks and Supervisors for Greening the Financial System acknowledged that climate-related risks are a source of financial risk. The communication of the Commission of 6 July 2021 entitled ‘Strategy for Financing the Transition to a Sustainable Economy’ (the ‘Renewed Sustainable Finance Strategy’) emphasises that ESG risks, and risks arising from the physical impact of climate change, biodiversity loss and the broader environmental degradation of ecosystems in particular, pose an unprecedented challenge to the Union’s economy and to the stability of the financial system. Those risks present specificities such as their forward-looking nature and their distinctive impacts over short-, medium- and long-term time horizons. The specificity of climate-related and other environmental risks, for example risks arising from environmental degradation and biodiversity loss, as regards both transition and physical risks, requires in particular the management of those risks with a long-term time horizon of at least 10 years.

(39)

The long-term nature and the profoundness of the transition towards a sustainable, climate-neutral and circular economy will entail significant changes in the business models of institutions. The adequate adjustment of the financial sector, and of credit institutions in particular, is necessary to achieve the objective of net-zero greenhouse gas emissions in the Union’s economy by 2050, while keeping the inherent risks under control. Competent authorities should, therefore, be enabled to assess that process of adjustment and to intervene in cases where institutions manage climate risks, as well as risks arising from environmental degradation and biodiversity loss, in a way that endangers the stability of the individual institutions, or financial stability overall. Competent authorities should also monitor and be empowered to act where there are risks arising from transition trends in the context of the relevant Union and Member States regulatory objectives in relation to ESG factors, for example as set out in Regulation (EU) 2021/1119 of the European Parliament and of the Council (14), the communication of the Commission of 14 July 2021 entitled ‘Fit for 55’: delivering the EU’s 2030 Climate Target on the way to climate neutrality’ (the ‘Fit for 55 package’) and the Kunming-Montreal Global Biodiversity Framework, adopted on 19 December 2022 by the Conference of the Parties to the Convention on Biological Diversity of the United Nations, as well as, where relevant for internationally active institutions, third-country legal and regulatory objectives, resulting in risks to their business models and strategies, or to financial stability. Competent authorities should also be empowered to reinforce targets, measures and actions of institutions’ prudential plans where they are considered insufficient to address the ESG risks in the short-, medium- and long-term time horizon and could in that regard pose material risks to their solvability. Climate risks and, more broadly, environmental risks, should be considered together with social risks and governance risks under a single category of risk to enable a comprehensive and coordinated integration of those factors, as they are often intertwined. ESG risks are closely linked with the concept of sustainability, as ESG factors represent the three main pillars of sustainability.

(40)

To maintain adequate resilience to the negative impacts of ESG factors, institutions established in the Union need to be able to systematically identify, measure and manage ESG risks, and their supervisors should be required to assess the risks at the level of the individual institution as well as at the systemic level, giving priority to environmental factors and progressing to other sustainability factors as the methodologies and tools for the assessment evolve. Institutions should be required to assess the alignment of their portfolios with the ambition of the Union to become climate-neutral by 2050 as well as avert environmental degradation and biodiversity loss. Institutions should have the obligation to set out specific plans to address the financial risks arising, in the short, medium and long term, from ESG factors, including from transition trends in the context of the relevant regulatory objectives of the Union and Member States, for example as set out in the Paris Agreement, Regulation (EU) 2021/1119, the Fit for 55 package and the Kunming-Montreal Global Biodiversity Framework, as well as, where relevant for internationally active institutions, third-country legal and regulatory objectives. Institutions should be required to have robust governance arrangements and internal processes for the management of ESG risks and to have in place strategies approved by their management bodies that take into consideration not only the current but also the forward-looking impact of ESG factors. The collective knowledge and awareness of ESG factors by institutions’ management bodies and internal capital allocation to address ESG risks will also be key to strengthening resilience to the negative impacts of those risks. The specificities of ESG risks mean that understanding, measurements and management practices can differ significantly across institutions. To ensure convergence across the Union and a uniform understanding of ESG risks, appropriate definitions and minimum standards for the assessment of those risks should be provided for in a prudential regulatory framework. To achieve that objective, definitions should be introduced in Directive 2013/36/EU and EBA should be empowered to specify a minimum set of reference methodologies for the assessment of the impact of ESG risks on the financial stability of institutions, giving priority to the impact of environmental factors. Since the forward-looking nature of ESG risks means that scenario analysis and stress testing, together with plans for addressing those risks, are particularly informative assessment tools, EBA should be also empowered to develop uniform criteria for the content of the plans to address those risks and for the setting of scenarios and the application of stress testing methods. EBA should base its scenarios on available scientific evidence, building on the work of the Network of Central Banks and Supervisors for Greening the Financial System and the efforts by the Commission to strengthen cooperation between all relevant public authorities with a view to developing a common methodological base, as outlined in the Renewed Sustainable Finance Strategy. Environment-related risks, including climate-related risks and risks arising from environmental degradation and biodiversity loss, should take priority in light of their urgency and the particular relevance of scenario analysis and stress testing for their assessment.

(41)

As major providers of funding for businesses and households in the Union, institutions have a relevant role to play in promoting sustainable development across the Union. For the Union to deliver on its overall objective of achieving climate neutrality by 2050 as set out in Regulation (EU) 2021/1119, institutions need to integrate into their policies and activities the role of promoting sustainable development. To cater for that process of integration, institutions’ business models and strategies must be tested against the relevant Union regulatory objectives for a sustainable economy, including, for example, against the measures prescribed by the European Scientific Advisory Board on Climate Change, to identify ESG risks arising from misalignments. Where institutions disclose their sustainability objectives and commitments under other mandatory or voluntary sustainability frameworks, such as under Directive 2013/34/EU of the European Parliament and of the Council (15), those objectives and commitments should be consistent with the specific plans to address the ESG risks they face in the short, medium and long term. Competent authorities should assess through their relevant supervisory activities the extent to which institutions face ESG risks and have accompanying management policies and operational actions reflected in the targets and milestones set out in their prudential plans that are consistent with their disclosed sustainability commitments in the context of the process of adjustment towards climate neutrality by 2050. To promote sound and effective risk oversight as well as managerial behaviour aligned with their long-term strategy on sustainability, the risk appetite of institutions in relation to ESG risks should be an integral part of their remuneration policies and practices.

(42)

ESG risks can have far-reaching implications for the stability of both individual institutions and the financial system as a whole. Hence, competent authorities should consistently factor those risks into their relevant supervisory activities, including the supervisory review and evaluation process and the stress testing of those risks. The Commission, by means of the Technical Support Instrument established by Regulation (EU) 2021/240 of the European Parliament and of the Council (16), has been providing support to national competent authorities in developing and implementing stress testing methodologies and will continue to provide technical support in this respect. However, the stress testing methodologies for ESG risks have so far mainly been applied in an exploratory manner. To firmly and consistently embed stress testing of ESG risks in supervision, EBA, the European Supervisory Authority (European Insurance and Occupational Pensions Authority) (EIOPA) established by Regulation (EU) No 1094/2010 of the European Parliament and of the Council (17) and the European Supervisory Authority (European Securities and Markets Authority) (ESMA) established by Regulation (EU) No 1095/2010 of the European Parliament and of the Council (18) should jointly develop guidelines to ensure consistent considerations and common methodologies for stress testing ESG risks. Stress testing of those risks should start with climate and environment-related factors, and as more ESG risk data and methodologies become available to support the development of additional tools to assess their quantitative impact on financial risks, competent authorities should increasingly assess the impact of those risks in their adequacy assessments of institutions. In order to ensure convergence of supervisory practices, EBA should issue guidelines regarding the uniform inclusion of ESG risks in the supervisory review and evaluation process.

(43)

The provisions of Directive 2013/36/EU on the systemic risk buffer framework may already be used to address various kinds of systemic risks, including systemic risks related to climate change. To the extent that the institution’s competent authorities or designated authorities consider that risks related to climate change have the potential to have serious negative consequences for the financial system and the real economy in Member States, they should introduce a systemic risk buffer rate which could also be applied to certain sets or subsets of exposures, for instance to those subject to physical and transition risks related to climate change, where they consider that the introduction of such a rate is effective and proportionate to mitigate those risks.

(44)

Markets in crypto-assets have grown rapidly in recent years. To address potential risks for institutions caused by their crypto-asset exposures that are not sufficiently covered by the existing prudential framework, the Basel Committee on Banking Supervision developed a standard for the prudential treatment of crypto-asset exposures. Part of that standard concerns the risk management by institutions and the application of the supervisory review and evaluation process on institutions. Institutions with direct or indirect crypto-asset exposures or institutions that provide related services for any form of crypto-asset should be required to have risk management policies, processes and practices in place to appropriately manage risks caused by their crypto-asset exposures. In particular, in their risk management activities, institutions should consider the crypto-asset technology risks, general information and communication technology (ICT) and cyber risks, legal risks, money laundering and terrorist financing risks and valuation risks. Competent authorities should be able to take the necessary supervisory actions where the institutions’ risk management practices are deemed insufficient.

(45)

The purpose of assessing the suitability of members of management bodies is to ensure that those members are qualified for their role and are of good repute. Having a robust ‘fit-and-proper’ framework for assessing the suitability of members of the management body and key function holders is a crucial factor in ensuring that institutions are adequately run and their risks are appropriately managed. Existing rules do not ensure that there is a timely suitability assessment of members of the management body by the appointing institution. Furthermore, there are currently no rules for the suitability assessment of key function holders. Moreover, cross-border institutions must navigate through a wide diversity of national rules and processes, which reduces the efficiency of the current framework. The existence of considerably different requirements as regards the suitability assessment across the Union is a particularly relevant issue in the context of the banking union. As a result, it is important to lay down a set of rules at Union level to put in place a more consistent and predictable ‘fit-and-proper’ framework. This will foster supervisory convergence, further enable trust between competent authorities and provide more legal certainty to institutions. ‘Fit-and-proper’ assessments are an important supervisory element along with other mechanisms such as the supervisory review and evaluation process and remuneration rules that together ensure sound governance of institutions.

(46)

To ensure sound governance, facilitate independent opinions and critical challenges, and present a variety of views and experiences, management bodies should be sufficiently diverse as regards age, gender, geographical provenance and educational and professional background. Gender balance is of particular importance to ensure adequate representation of the population, and should be promoted.

(47)

Having the primary responsibility for assessing the suitability of each member of the management body, institutions, and financial holding companies and mixed financial holding companies should carry out the initial suitability assessment before a new member takes up the position, subject to certain exceptions, followed by a verification by the competent authorities. Those entities should ensure that information about the suitability of the members of the management body remains up-to-date. Those entities should communicate that information to the competent authority. As soon as any new facts or other circumstances that could affect the suitability of members of the management body become known, those entities should inform the competent authorities thereof without undue delay. Those entities should take the necessary measures if they conclude that a member or a prospective member of the management body does not fulfil the suitability requirements. The same requirements should also apply to key function holders.

(48)

In order to ensure legal certainty and predictability for the entities, it is necessary to establish procedural rules for verifying the suitability of members of the management body and key function holders of large institutions by competent authorities. Such procedural rules should enable competent authorities to request any additional information, where necessary, including through documentation, interviews and hearings. Information and documents that are necessary for the suitability assessment by the competent authorities, including in the context of the suitability application to be provided before a prospective member takes up a position (the ‘ex ante suitability application’) by large institutions for members of the management body in its management function or the chair of the management body in its supervisory function, should be made available to the competent authorities by means determined by the competent authorities. Competent authorities should reassess a member’s suitability where the relevant information concerning that member’s suitability has changed. Competent authorities should not be required to reassess the suitability of the members of the management body when their mandate is renewed, unless relevant information that is known to competent authorities has changed and such change may affect the suitability of the member concerned. Competent authorities should have the power to take the necessary measures if they conclude that the suitability requirements are not fulfilled. Competent authorities should be able to request the authority responsible for the supervision of anti-money laundering or counter-terrorist financing in accordance with Directive (EU) 2015/849 to consult, on a risk-sensitive basis, the relevant information concerning the members of the management body, and to have access to the central anti-money laundering and counter-terrorist financing database.

(49)

Due to the risks posed by large institutions resulting in particular from potential contagion effects, the competent authorities of Member States in which the supervisor’s suitability assessment is carried out after the member has taken up the position in the management body, in accordance with national law, should be notified without undue delay as soon as there is a clear intention to appoint a member of the management body in its management function or the chair of the management body in its supervisory function. Large institutions should in any event ensure that competent authorities receive an ex ante suitability application at the latest 30 working days before the prospective member takes up the position. The ex ante suitability application should be accompanied by all relevant documents and information that is necessary for the assessment, irrespective of whether the suitability assessment by the competent authorities is finalised before or after the person takes up the position. If criminal records or other documents required under national law or listed by competent authorities become available at a later stage, competent authorities should also receive those documents or information without undue delay. The ex ante suitability application should enable the competent authorities to start their analysis and take action in the context of the assessment. Such action can include preventing the prospective member from taking up the position as long as the competent authority does not receive sufficient information, or engaging in an enhanced dialogue in case the competent authority has concerns regarding the prospective member’s suitability with a view to ensuring that the prospective member is or becomes suitable when taking up the position. EBA should issue guidelines on the modalities of the focused and in-depth dialogue between the competent authority and the large institution with a view to removing any obstacles regarding the suitability of the prospective member in a spirit of cooperation. The ex ante suitability application should allow the competent authorities to engage in an early dialogue with large institutions on the suitability of members of the management body in its management function or the chair of the management body in its supervisory function before they take up their position. However, the ex ante suitability application should be without prejudice to the large institution’s prerogatives and responsibility when ensuring the suitability of the members of the management body, and to any ex post assessments conducted by the competent authorities, where permitted in accordance with national law.

(50)

Furthermore, in relation to large institutions, competent authorities should duly consider setting a maximum period for concluding the suitability assessment, at least with respect to the appointment of members of the management body and the appointment of the head of internal control functions and the chief financial officer, for a position in such institutions. It should be possible to extend such a maximum period, where appropriate.

(51)

The suitability assessment of the members of the management body should be without prejudice to national law on the appointment of representatives of employees in the management body and on the appointment of members of the management body in its supervisory function by regional or local elected bodies. In those cases, appropriate safeguards should be put in place to ensure the suitability of those members of the management body.

(52)

By 31 December 2029, EBA, in close cooperation with the ECB, should review and report on the application and efficiency of the ‘fit-and-proper’ framework, taking into account also the principle of proportionality, in particular with respect to small and non-complex institutions.

(53)

EBA should develop guidelines on the criteria to determine whether there are reasonable grounds to suspect that money laundering or terrorist financing is being or has been committed or attempted, or if there is an increased risk thereof in connection with an entity. When developing those guidelines, EBA should cooperate with ESMA and with the Authority for Anti-Money Laundering and Countering the Financing of Terrorism established by Regulation (EU) 2024/1620 of the European Parliament and of the Council (19) (the ‘Authority for Anti-Money Laundering and Countering the Financing of Terrorism’). In the event that the Authority for Anti-Money Laundering and Countering the Financing of Terrorism is not operational when those guidelines are prepared, EBA should adopt those guidelines without having to cooperate with that authority.

(54)

In light of the role of the suitability assessment for the prudent and sound management of institutions, it is necessary to equip competent authorities with new tools to assess the suitability of members of management bodies, senior management and key function holders, such as statements of responsibilities and a mapping of duties. Those new tools should support the work of competent authorities when reviewing the governance arrangements of institutions as part of the supervisory review and evaluation process. Notwithstanding the overall collective responsibility of the management body, institutions should be required to draw up individual statements setting out the roles and duties of all members of the management body in its management function, senior management and key function holders and a mapping of duties, including details of the reporting lines, of the lines of responsibility, and of the persons who are part of the governance arrangements of the institution, and of their duties. Their individual duties and responsibilities are not always clearly or consistently defined and there might be situations where two or more roles overlap or where areas of duties and responsibilities are overlooked because they do not fall neatly under the remit of a single person. The scope of each individual’s duties and responsibilities should be well defined and no tasks should be left without ownership. Those tools should ensure further accountability of the members of the management body in its management function, of senior management and of key function holders. Furthermore, where Member States consider it necessary, they should be able to adopt or maintain stricter requirements for such tools.

(55)

The additional own funds requirement set by an institution’s competent authority in accordance with Directive 2013/36/EU to address risks other than the risk of excessive leverage should not be increased as a result of the institution becoming bound by the output floor laid down in Regulation (EU) No 575/2013, all else being equal. Furthermore, upon the institution becoming bound by the output floor, the competent authority should review that institution’s additional own funds requirement and assess, in particular, whether and to what extent such requirements are already fully covered by the fact that the institution is bound by the output floor. Where that is the case, the institution’s additional own funds requirement should be regarded as overlapping with the risks captured by the output floor in the own funds requirement of the institution and, consequently, the competent authority should reduce that requirement to the extent necessary to remove any such overlap for as long as the institution remains bound by the output floor.

(56)

Similarly, upon becoming bound by the output floor, the nominal amount of an institution’s Common Equity Tier 1 capital required under the systemic risk buffer and O-SII buffer could increase even though there has not been a corresponding increase in the macroprudential or systemic risks associated with the institution. In such cases, the institution’s competent authority or designated authority should review the calibration of the systemic risk buffer rates and make sure that they remain appropriate and do not double-count the risks that are already covered by virtue of the fact that the institution is bound by the output floor. Such a review should take place with the same frequency as the review of the buffers, which is annual for the O-SII buffer and every two years for the systemic risk buffer. However, it should be possible for the institution’s competent authority or designated authority to adjust the calibration of the buffers on a more frequent basis.

(57)

To enable the timely and effective activation of the systemic risk buffer, it is necessary to clarify the application of the relevant provisions and simplify and align the applicable procedures. Setting a systemic risk buffer should be possible for designated authorities in all Member States to ensure that authorities are empowered to address systemic risks in a timely, proportionate and effective manner and to enable the recognition of systemic risk buffer rates set by authorities in other Member States. Recognition of a systemic risk buffer rate set by another Member State should require only a notification from the authority recognising the rate. To avoid unnecessary authorisation procedures where the decision to set a buffer rate results in a decrease or no change from any of the previously set rates, the procedure laid down in Article 131(15) of Directive 2013/36/EU needs to be aligned with the procedure laid down in Article 133(9) of that Directive. The procedures laid down in Article 133(11) and (12) of that Directive should be clarified and made more consistent with the procedures applicable to other systemic risk buffer rates, where relevant.

(58)

The Commission should be empowered to adopt the regulatory technical standards developed by EBA with regard to the waiver for authorisation of investment firms as credit institutions, the list of minimum information to be provided for assessing material operations, the process to assess material operations, the booking arrangements for third-country branches, the mechanism of cooperation and the functioning of colleges of supervisors, the concept of exposures to default risk which are material in absolute terms and the thresholds for large numbers of material counterparties and positions in traded debt or equity instruments of different issuers, and the minimum content of the suitability questionnaire, curricula vitae and the internal suitability assessment. The Commission should adopt those regulatory technical standards by means of delegated acts pursuant to Article 290 of the Treaty on the Functioning of the European Union (TFEU) and in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

(59)

The Commission should be empowered to adopt the implementing technical standards developed by EBA with regard to the uniform formats and definitions for intermediate parent undertaking reporting; the consultation process between competent authorities in relation to the acquisition of a qualifying holding; the consultation process between competent authorities in relation to a merger or division; the regulatory and financial information on third-country branches and on head undertakings. The Commission should adopt those implementing technical standards by means of implementing acts pursuant to Article 291 TFEU and in accordance with Article 15 of Regulation (EU) No 1093/2010.

(60)

When drafting technical standards and guidelines and when replying to questions relating to their practical application or implementation, EBA should give due consideration to the principle of proportionality and ensure that those standards and guidelines can also be applied by small and non-complex institutions without undue effort.

(61)

Since the objectives of this Directive cannot be sufficiently achieved by the Member States but can rather, by reason of its scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

(62)

Directive 2013/36/EU should therefore be amended accordingly,

HAVE ADOPTED THIS DIRECTIVE:

Article 1

Amendments to Directive 2013/36/EU

Directive 2013/36/EU is amended as follows:

(1)

Article 2 is amended as follows:

(a)

paragraph 5 is amended as follows:

(i)

points (4) and (5) are replaced by the following:

‘(4)

in Denmark, the “Danmarks Eksport- og Investeringsfond”, the “Danmarks Skibskredit A/S” and the “KommuneKredit”;

(4a)

in Czechia, the “Národní rozvojová banka a.s.”;

(5)

in Germany, the “Kreditanstalt für Wiederaufbau”, “Landwirtschaftliche Rentenbank”, “Bremer Aufbau-Bank GmbH”, “Hamburgische Investitions- und Förderbank”, “Investitionsbank Berlin”, “Investitionsbank des Landes Brandenburg”, “Investitionsbank Sachsen-Anhalt”, “Investitionsbank Schleswig-Holstein”, “Investitions- und Förderbank Niedersachsen — NBank”, “Investitions- und Strukturbank Rheinland-Pfalz”, “Landeskreditbank Baden-Württemberg Förderbank”, “LfA Förderbank Bayern”, “NRW.BANK”, “Saarländische Investitionskreditbank AG”, “Sächsische Aufbaubank — Förderbank”, “Thüringer Aufbaubank”, undertakings which are recognised under the “Wohnungsgemeinnützigkeitsgesetz” as bodies of State housing policy and are not mainly engaged in banking transactions, and undertakings recognised under that law as non-profit housing undertakings;’

;

(ii)

point (18) is replaced by the following:

‘(18)

in Austria, undertakings recognised as housing associations in the public interest and the “Österreichische Kontrollbank AG” and “Oesterreichische Entwicklungsbank — OeEB”;’

;

(iii)

the following point is inserted:

‘(20a)

in Romania, the “Banca de Investiții și Dezvoltare — S.A.”;’

;

(iv)

point (24) is deleted;

(b)

paragraph 6 is replaced by the following:

‘6.   The entities referred to in paragraph 5, points (3) to (23), of this Article shall be treated as financial institutions for the purposes of Article 34 and Title VII, Chapter 3.’

;

(2)

in Article 3, paragraph 1 is amended as follows:

(a)

the following point is inserted:

‘(8a)

“management body in its management function” means the management body acting in its role of directing an institution and includes the persons who effectively direct the business of the institution;’

;

(b)

point (9) is replaced by the following:

‘(9)

“senior management” means those natural persons who exercise executive functions within an institution and are directly accountable to the management body but are not members of that body, and who are responsible for the day-to-day management of the institution under the direction of the management body;’

;

(c)

the following points are inserted:

‘(9a)

“key function holders” means the persons who have significant influence over the direction of an institution but are not members of the management body, including the heads of internal control functions and the chief financial officer, where those heads or that officer are not members of the management body;

(9b)

“internal control functions” means risk management, compliance and internal audit functions;

(9c)

“heads of internal control functions” means the persons at the highest hierarchical level responsible for effectively managing the day-to-day operation of the internal control functions of an institution;

(9d)

“chief financial officer” means the person with overall responsibility for the financial resources management, financial planning and financial reporting of an institution;’

;

(d)

point (11) is replaced by the following:

‘(11)

“model risk” means model risk as defined in Article 4(1), point (52b), of Regulation (EU) No 575/2013;’

;

(e)

the following point is inserted:

‘(29a)

“stand-alone institution in the Union” means an institution that is not subject to prudential consolidation in the Union pursuant to Part One, Title II, Chapter 2, of Regulation (EU) No 575/2013, and that has no EU parent undertaking subject to such prudential consolidation;’

;

(f)

the following point is inserted:

‘(47a)

“eligible capital” means eligible capital as defined in Article 4(1), point (71), of Regulation (EU) No 575/2013;’

;

(g)

point (59) is replaced by the following:

‘(59)

“internal approaches” means the internal ratings based approach referred to in Article 143(1), the internal model approach referred to in Article 221, the internal model method referred to in Article 283, the alternative internal model approach referred to in Article 325az, and the internal assessment approach referred to in Article 265(2), of Regulation (EU) No 575/2013’

;

(h)

the following points are added:

‘(66)

“large institution” means large institution as defined in Article 4(1), point (146), of Regulation (EU) No 575/2013;

(67)

“periodic penalty payment” means a periodic pecuniary enforcement measure aimed at ending ongoing breaches of national provisions transposing this Directive, breaches of Regulation (EU) No 575/2013 or breaches of decisions taken by a competent authority on the basis of those provisions or that Regulation and compelling the natural or legal person to return to compliance with the infringed provisions or decisions;

(68)

“environmental, social and governance risk” or “ESG risk” means environmental, social and governance risk as defined in Article 4(1), point (52d), of Regulation (EU) No 575/2013;

(69)

“climate neutrality” means the overall objective of achieving climate neutrality by 2050 as set out in Article 2(1) of Regulation (EU) 2021/1119 of the European Parliament and of the Council (*1);

(70)

“crypto-asset” means a crypto-asset as defined in Article 3(1), point (5), of Regulation (EU) 2023/1114 of the European Parliament and of the Council (*2) that is not a central bank digital currency.

(*1)  Regulation (EU) 2021/1119 of the European Parliament and of the Council of 30 June 2021 establishing the framework for achieving climate neutrality and amending Regulations (EC) No 401/2009 and (EU) 2018/1999 (“European Climate Law”) (OJ L 243, 9.7.2021, p. 1)."

(*2)  Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150, 9.6.2023, p. 40).’;"

(3)

in Article 4, paragraph 4 is replaced by the following:

‘4.   Member States shall ensure that competent authorities have the expertise, resources, operational capacity, powers and independence necessary to carry out functions relating to prudential supervision and investigations and the powers necessary to impose the periodic penalty payments and penalties set out in this Directive and in Regulation (EU) No 575/2013.’

;

(4)

the following article is inserted:

‘Article 4a

Supervisory independence of competent authorities

1.   For the purposes of this Article, “members of the competent authority’s governance body” means natural persons that form part of the most senior collective decision-making body of the competent authority and who are vested with the power to exercise executive functions regarding the day-to-day management of the supervisory function of the competent authority, excluding governors of national central banks.

2.   For the purpose of preserving the independence of competent authorities in the exercise of their powers, Member States shall provide for the necessary arrangements to ensure that competent authorities, including their members of staff and the members of their governance bodies, can exercise their supervisory powers independently and objectively, without seeking or taking instructions from supervised institutions, from any body of the Union or any government of a Member State or from any other public or private body. Member States shall ensure that the governance bodies of competent authorities are functionally independent of other public and private bodies. Those arrangements shall be without prejudice to the arrangements under national law whereby competent authorities are subject to public and democratic accountability.

Member States shall ensure that no member of a competent authority’s governance body who is appointed after 11 January 2026 remains in office for more than 14 years. Member States shall ensure that members of a competent authority’s governance body are appointed on the basis of published criteria that are objective and transparent and that those members can be dismissed if they no longer meet the criteria of appointment or have been convicted of a serious criminal offence. The reasons for dismissal shall be made public unless the member of the competent authority’s governance body concerned objects to the publication.

Member States shall ensure that competent authorities publish their objectives, are accountable for the discharge of their duties in relation to those objectives and are subject to financial control in a manner which does not affect their independence.

This paragraph shall be without prejudice to the rights and obligations of competent authorities pursuant to international or European systems of financial supervision, in particular the European system of financial supervision established pursuant to Regulation (EU) No 1093/2010 (*3), the single supervisory mechanism established pursuant to Council Regulation (EU) No 1024/2013 (*4) and Regulation (EU) No 468/2014 of the European Central Bank (*5), and the Single Resolution Mechanism established pursuant to Regulation (EU) No 806/2014 of the European Parliament and of the Council (*6).

3.   Member States shall, in particular, ensure that competent authorities have in place all the necessary arrangements to prevent conflicts of interest of their members of staff and of the members of their governance bodies. For that purpose, Member States shall lay down rules that are proportionate to the role and responsibilities of the members of staff and the members of governance bodies, and that, at a minimum, prohibit them from:

(a)

trading in financial instruments issued by or referenced to the institutions supervised by their competent authorities, and the direct or indirect parent undertakings, subsidiaries or affiliates of those institutions, with the exception of:

(i)

instruments managed by third parties, provided that the owners of those instruments are precluded from intervening in the management of the portfolio;

(ii)

investments in collective investment undertakings;

(b)

being hired by or accepting any kind of contract for the provision of professional services during a certain period (“cooling-off period”) with any of the following:

(i)

institutions with which the member of staff or the member of the competent authority’s governance body has been directly involved for the purposes of supervision or decision-making, including the direct or indirect parent undertakings, subsidiaries or affiliates of those institutions;

(ii)

entities providing services to any of the entities referred to in point (i), unless the member of staff or the member of the competent authority’s governance body is strictly precluded from taking part in the provision of those services during the cooling-off period;

(iii)

entities conducting lobbying and advocacy activities directed at the competent authority on matters for which the member of staff or the member of the competent authority’s governance body was responsible during that member’s employment or term of office.

The exceptions provided for in the first subparagraph, points (a)(i) and (ii), shall only apply where the third parties and collective investment undertakings do not predominantly invest in instruments issued by or referenced to the entities referred to in point (a).

4.   The cooling-off period shall start from the date on which direct involvement in the supervision of the entities referred to in paragraph 3, point (b)(i), ceased. Competent authorities shall ensure that their members of staff and the members of their governance bodies have no access to confidential or sensitive information relating to those entities during the cooling-off period. In the case of hirings by entities referred to in paragraph 3, points (b)(i) and (ii), the length of the cooling-off period shall be no less than six months for members of staff directly involved in the supervision of entities referred to in paragraph 3, point (b)(i), and no less than 12 months for members of the competent authority’s governance body. In the case of hirings by entities referred to in paragraph 3, point (b)(iii), the length of the cooling-off period shall be no less than three months for both members of staff and members of the competent authority’s governance body.

Member States may allow competent authorities to subject their members of staff and the members of their governance bodies to whom paragraph 3, point (b)(i), applies to a cooling-off period in the event of their hiring by direct competitors of one of the entities referred to in that point. For those purposes, the length of the cooling-off period shall be no less than three months for members of staff directly involved in the supervision of those entities and no less than six months for members of the competent authority’s governance body.

5.   By way of derogation from paragraph 4, Member States may allow competent authorities to apply shorter cooling-off periods of a minimum of three months for the members of staff directly involved in the supervision of institutions only where a longer cooling-off period:

(a)

would unduly restrict the ability of the competent authority to hire new members of staff with the adequate or necessary skills to exercise its supervisory functions, in particular taking into account the small size of the national labour market; or

(b)

would constitute a breach of any relevant fundamental right recognised in the constitution of the Member State concerned, of the Charter of Fundamental Rights of the European Union, or of any relevant workers’ rights as set out in national labour law.

6.   Members of staff and members of a competent authority’s governance body subject to the prohibition provided for in paragraph 3, point (b), shall be entitled to appropriate compensation for that prohibition. Member States shall decide on the appropriate form of such compensation.

7.   Member States shall ensure that members of staff and members of a competent authority’s governance body are subject to a declaration of interest. That declaration shall include information on the members’ holdings in the form of stocks, equities, bonds, mutual funds, investment funds, mixed-type funds, hedge funds and exchange-traded funds, that may raise conflict of interest concerns. The persons concerned shall submit the declaration of interest prior to their appointment and subsequently on an annual basis.

The declaration of interest shall be without prejudice to any requirement to submit a wealth declaration under applicable national rules.

8.   Where a member of staff or a member of a competent authority’s governance body owns, at the time of being hired or appointed or at any time thereafter, financial instruments that may give rise to conflicts of interest, the competent authority shall have the power to require on a case-by-case basis that those instruments be sold or disposed of within a reasonable timeframe. Competent authorities shall also have the power to allow, on a case-by-case basis, those members to sell or dispose of financial instruments that they owned at the time of being hired or appointed.

9.   To ensure a proportionate application of this Article, EBA shall, by 10 July 2026 issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, addressed to the competent authorities, on the prevention of conflicts of interest in, and on the independence of, competent authorities, taking into account international best practices.

(*3)  Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12)."

(*4)  Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63)."

(*5)  Regulation (EU) No 468/2014 of the European Central Bank of 16 April 2014 establishing the framework for cooperation within the Single Supervisory Mechanism between the European Central Bank and national competent authorities and with national designated authorities (SSM Framework Regulation) (ECB/2014/17) (OJ L 141, 14.5.2014, p. 1)."

(*6)  Regulation (EU) No 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No 1093/2010 (OJ L 225, 30.7.2014, p. 1).’;"

(5)

Article 8a is amended as follows:

(a)

in paragraph 1, point (b) is replaced by the following:

‘(b)

the average of monthly total assets calculated over a period of 12 consecutive months is less than EUR 30 billion, and the undertaking is part of a group in which the total value of the consolidated assets of all undertakings in the group established in the Union, including any of their branches and subsidiaries established in a third country, that individually have total assets of less than EUR 30 billion and that carry out any of the activities referred to in Annex I, Section A, points (3) and (6), to Directive 2014/65/EU is equal to or exceeds EUR 30 billion, both calculated as an average over a period of 12 consecutive months.’

;

(b)

the following paragraph is inserted:

‘3a.   By way of derogation from paragraph 1 of this Article, based on the application received in accordance with that paragraph and the information received in accordance with Article 95a of Directive 2014/65/EU, the competent authority may, after receiving a request from an undertaking referred to in paragraph 1 of this Article, waive the requirement to obtain an authorisation as a credit institution in accordance with Article 8 of this Directive for that undertaking.

Upon receiving a waiver request, the competent authority shall notify EBA thereof. EBA shall issue an opinion on that waiver request within one month from the notification by the competent authority. The competent authority shall take a decision on the waiver request, taking into account the EBA opinion and at least the following elements:

(a)

where the undertaking is part of a group, the organisational structure of the group, the booking practices prevailing within the group and the allocation of assets across the group entities;

(b)

the nature, size and complexity of the activities carried out by the undertaking in the Member State where it is established and in the Union as a whole;

(c)

the importance of, and systemic risk posed by, the activities carried out by the undertaking in the Member State where it is established and in the Union as a whole.

Where the decision of the competent authority deviates from the opinion provided by EBA, the competent authority shall state the reasons for the deviation in its decision.

The competent authority shall notify its decision to the undertaking concerned and to EBA. EBA shall publish that decision, together with its opinion, on its website.

The competent authority shall reassess its decision every three years.’

;

(c)

the following paragraphs are added:

‘7.   EBA shall develop draft regulatory technical standards to further specify the elements that are to be taken into consideration by the competent authority when deciding whether to grant a waiver in accordance with paragraph 3a, taking into account, in particular, the materiality of the counterparty credit risk to which an undertaking is exposed.

EBA shall submit those draft regulatory technical standards to the Commission by 10 January 2026.

Power is delegated to the Commission to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

8.   By 31 December 2028, EBA shall submit a report to the Commission on the use of the waiver as referred to in paragraph 3a of this Article as well as on the application of Article 4(1), point (1)(b)(iii), of Regulation (EU) No 575/2013.’

;

(6)

in Article 18, the following point is added:

‘(g)

meets all of the following conditions:

(i)

it has been determined to be failing or likely to fail in accordance with Article 32(1), point (a), of Directive 2014/59/EU or in accordance with Article 18(1), point (a), of Regulation (EU) No 806/2014;

(ii)

the resolution authority considers that the condition set out in Article 32(1), point (b), of Directive 2014/59/EU or in Article 18(1), point (b), of Regulation (EU) No 806/2014 is met with respect to that credit institution;

(iii)

the resolution authority considers that the condition set out in Article 32(1), point (c), of Directive 2014/59/EU or in Article 18(1), point (c), of Regulation (EU) No 806/2014 is not met with respect to that credit institution.’

;

(7)

Article 21a is amended as follows:

(a)

paragraph 1 is replaced by the following:

‘1.   Parent financial holding companies in a Member State, parent mixed financial holding companies in a Member State, EU parent financial holding companies and EU parent mixed financial holding companies shall seek approval in accordance with this Article. Other financial holding companies or mixed financial holding companies shall seek approval in accordance with this Article where they are required to comply with this Directive or Regulation (EU) No 575/2013 on a sub-consolidated basis or where they are designated as responsible for ensuring the group’s compliance with prudential requirements on a consolidated basis as referred to in paragraph 4, point (c), of this Article.

Competent authorities shall, on a regular basis, and in any event at least annually, review the parent undertakings of an institution in order to verify if that institution, the entity requesting an authorisation pursuant to Article 8, or the entity designated as responsible for ensuring the group’s compliance with prudential requirements on a consolidated basis (the “designated entity”) has correctly identified any undertaking that complies with the criteria to be considered as a parent financial holding company in a Member State, a parent mixed financial holding company in a Member State, an EU parent financial holding company or an EU parent mixed financial holding company.

For the purposes of the second subparagraph of this paragraph, where the parent undertakings are located in other Member States than the Member State in which the institution, the entity requesting an authorisation pursuant to Article 8 or the designated entity is established, competent authorities of those Member States shall cooperate closely to conduct the review.

Competent authorities shall publish on their websites, and update on an annual basis, a list of financial holding companies and mixed financial holding companies that have been granted approval or exempted from approval in the Member State in accordance with this Article. Where an exemption from approval has been granted, the list shall also indicate the designated entity.’

;

(b)

paragraph 2 is amended as follows:

(i)

in the first subparagraph, point (b) is replaced by the following:

‘(b)

information regarding the nomination of at least two persons effectively directing the financial holding company or mixed financial holding company and compliance with the criteria and requirements set out in Article 91(1);’

;

(ii)

the second subparagraph is replaced by the following:

‘Where the approval or the exemption from approval of a financial holding company or mixed financial holding company referred to in paragraphs 3 and 4 of this Article takes place concurrently with the assessment carried out pursuant to Article 8, 22 or 27a, the competent authority for the purposes of those Articles shall coordinate, as appropriate, with the consolidating supervisor and, where different, the competent authority in the Member State where the financial holding company or mixed financial holding company is established. The assessment period referred to in Article 22(2), second subparagraph, or in Article 27a (6) shall be suspended until the procedure set out in this Article is complete.’

;

(c)

in paragraph 3, point (c) is replaced by the following:

‘(c)

the criteria regarding shareholders and members of credit institutions set out in Article 14 and the requirements laid down in Article 121 are complied with.’

;

(d)

in paragraph 4, the first subparagraph is amended as follows:

(i)

the introductory wording is replaced by the following:

‘The financial holding company or mixed financial holding company may seek exemption from approval under this Article, which shall be granted where all of the following conditions are met:’

;

(ii)

point (c) is replaced by the following:

‘(c)

a subsidiary credit institution or a subsidiary financial holding company or mixed financial holding company that has been granted approval in accordance with this Article is designated as responsible for ensuring the group’s compliance with prudential requirements on a consolidated basis and is given all the necessary means and legal authority to discharge those obligations in an effective manner;’

;

(e)

the following paragraph is inserted:

‘4a.   Without prejudice to paragraph 4, the consolidating supervisor may allow, on a case-by-case basis, financial holding companies or mixed financial holding companies which are exempted from approval to be excluded from the perimeter of consolidation, provided that the following conditions are met:

(a)

the exclusion does not affect the effectiveness of the supervision of the subsidiary credit institution or of the group;

(b)

the financial holding company or mixed financial holding company has no equity exposures other than the equity exposure in the subsidiary credit institution or in the intermediate parent financial holding company or mixed financial holding company controlling the subsidiary credit institution;

(c)

the financial holding company or mixed financial holding company does not make substantial recourse to leverage and does not have exposures which are not related to its ownership in the subsidiary credit institution or in the intermediate parent financial holding company or mixed financial holding company controlling the subsidiary credit institution.’

;

(f)

paragraph 8 is amended as follows:

(i)

the first subparagraph is replaced by the following:

‘Where the consolidating supervisor is different from the competent authority in the Member State where the financial holding company or mixed financial holding company is established, the two authorities shall work together in full consultation for the purpose of taking decisions on the approval, exemption from approval and exclusion from the perimeter of consolidation referred to in paragraphs 3, 4 and 4a, and on the supervisory measures referred to in paragraphs 6 and 7. The consolidating supervisor shall prepare an assessment on the matters referred to in paragraphs 3, 4, 4a, 6 and 7, as applicable, and shall forward that assessment to the competent authority in the Member State where the financial holding company or mixed financial holding company is established. The two authorities shall do everything within their powers to reach a joint decision within two months of receipt of that assessment.’

;

(ii)

the following subparagraph is inserted after the first subparagraph:

‘In the event that a joint decision is reached, where the consolidating supervisor is different from the competent authority in the Member State where the financial holding company or mixed financial holding company is established, the joint decision shall also be implemented or, where permitted under national law, shall directly apply in the Member State where the financial holding company or mixed financial holding company is established.’

;

(g)

in paragraph 10, the first subparagraph is replaced by the following:

‘Where approval or exemption from approval of a financial holding company or mixed financial holding company pursuant to this Article is refused, the consolidating supervisor shall notify the applicant of the decision and the reasons therefor within four months of receipt of the application, or where the application is incomplete, within four months of receipt of the complete information required for the decision.’

;

(8)

in Article 21b, the following paragraph is inserted:

‘6a.   EBA shall develop draft implementing technical standards to specify the uniform formats and definitions, and shall develop the IT solutions to be applied in the Union, for the reporting of the information referred to in paragraph 6.

EBA shall submit those draft implementing technical standards to the Commission by 10 January 2026.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the second subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010.’

;

(9)

the following article is inserted:

‘Article 21c

Requirement to establish a branch for the provision of banking services by third-country undertakings

1.   Member States shall require undertakings established in a third country as referred to in Article 47 to establish a branch in their territory and apply for authorisation in accordance with Title VI to commence or continue carrying out the activities referred to in Article 47(1) in the relevant Member State.

2.   The requirement laid down in paragraph 1 of this Article shall not apply where the undertaking established in a third country provides a service or activity to a client or counterparty established or situated in the Union that is:

(a)

a retail client, an eligible counterparty, or a professional client within the meaning of Annex II, Sections I and II, to Directive 2014/65/EU established or situated in the Union where such client or counterparty approaches an undertaking established in a third country at its own exclusive initiative for the provision of any service or activity referred to in Article 47(1) of this Directive;

(b)

a credit institution;

(c)

an undertaking of the same group as that of the undertaking established in a third country.

Without prejudice to the first subparagraph, point (c), where a third-country undertaking solicits a client or counterparty, or a potential client or counterparty, referred to in point (a) of that subparagraph, through an entity acting on its own behalf or having close links with such third-country undertaking or through any other person acting on behalf of such undertaking, it shall not be deemed to be a service provided at the own exclusive initiative of the client or counterparty, or of the potential client or counterparty.

Member States shall ensure that competent authorities have the power to require credit institutions and branches established in their territory to provide them with the information they require to monitor the services provided at the own exclusive initiative of the client or counterparty established or situated in their territory where such services are provided by undertakings established in third countries that are part of the same group.

3.   An initiative by a client or counterparty as referred to in paragraph 2 shall not entitle the third-country undertaking to market other categories of products, activities or services than those that the client or counterparty had solicited, other than through a third-country branch established in a Member State. However, the establishment of a third-country branch shall not be required for any services, activities or products necessary for, or closely related to the provision of the service, product or activity originally solicited by the client or counterparty, including where such closely related services, activities or products are provided subsequently to those originally solicited.

4.   The requirement laid down in paragraph 1 of this Article shall not apply to services or activities listed in Annex I, Section A, to Directive 2014/65/EU, including any accommodating ancillary services, such as related deposit taking or the granting of credit or loans the purpose of which is to provide services under that Directive.

5.   In order to preserve clients’ acquired rights under existing contracts, the requirement laid down in paragraph 1 shall be without prejudice to existing contracts that were entered into before 11 July 2026.

6.   By 10 July 2025, EBA, after consulting EIOPA and ESMA, shall review whether any financial sector entity in addition to credit institutions should be exempted from the requirement to establish a branch for the provision of banking services by third-country undertakings in accordance with this Article. EBA shall submit a report thereon to the European Parliament, to the Council and to the Commission. That report shall take into account financial stability concerns and the impact on the competitiveness of the Union.

Based on that report, the Commission shall, where appropriate, submit a legislative proposal to the European Parliament and to the Council.’

;

(10)

in Article 22(2), the first subparagraph is replaced by the following:

‘Competent authorities shall acknowledge, in writing, the receipt of notification under paragraph 1 or of further information under paragraph 3 promptly and in any event within 10 working days following receipt of the notification or of the information.’

;

(11)

Article 23 is amended as follows:

(a)

paragraph 1 is amended as follows:

(i)

point (e) is replaced by the following:

‘(e)

whether there are reasonable grounds to suspect that, in connection with the proposed acquisition, money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849 of the European Parliament and of the Council (*7) is being or has been committed or attempted, or that the proposed acquisition could increase the risk thereof.

(*7)  Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).’;"

(ii)

the following subparagraphs are added:

‘For the purpose of assessing the criterion set out in the first subparagraph, point (e), of this paragraph, competent authorities shall consult, in the context of their verifications, the authorities responsible for supervising the credit institutions in accordance with Directive (EU) 2015/849.

Competent authorities may object to the proposed acquisition where the proposed acquirer is situated in a third country listed as a high-risk third country that has strategic deficiencies in its anti-money laundering and counter-terrorist financing regime, in accordance with Article 9 of Directive (EU) 2015/849, or in a third country that is subject to Union restrictive measures and it is assessed by the competent authority that it affects the capacity of the proposed acquirer to have in place the required practices and processes to comply with the requirements of the anti-money laundering and counter-terrorist financing regime.’

;

(b)

in paragraph 2, the following subparagraph is added:

‘For the purposes of this paragraph and with regard to the criterion set out in paragraph 1, point (e), of this Article, a negative opinion by the authorities responsible for supervising the credit institutions in accordance with Directive (EU) 2015/849, received by the competent authorities within 30 working days of the initial request, shall be duly taken into consideration by the competent authorities when assessing the proposed acquisition and may constitute a reasonable ground for opposition.’

;

(c)

the following paragraph is added:

‘6.   EBA shall develop draft regulatory technical standards to specify the list of minimum information to be provided by the proposed acquirer to the competent authority at the time of the notification referred to in Article 22(1).

For the purposes of the first subparagraph, EBA shall take into consideration Title II of Directive (EU) 2017/1132 of the European Parliament and of the Council (*8).

EBA shall submit those draft regulatory technical standards to the Commission by 10 January 2026.

Power is delegated to the Commission to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

(*8)  Directive (EU) 2017/1132 of the European Parliament and of the Council of 14 June 2017 relating to certain aspects of company law (OJ L 169, 30.6.2017, p. 46).’;"

(12)

in Title III, the following chapters are added:

‘CHAPTER 3

ACQUISITION OR DIVESTITURE OF A MATERIAL HOLDING

Article 27a

Notification and assessment of the acquisition

1.   Member States shall require institutions, and financial holding companies and mixed financial holding companies within the scope of Article 21a(1) (the “proposed acquirer”) to notify their competent authority in writing in advance where they intend to acquire, directly or indirectly, a material holding (the “proposed acquisition”). The notification shall indicate the size of the proposed acquisition and the relevant information, as specified in Article 27b(5).

2.   For the purposes of paragraph 1, a holding shall be deemed material where it is equal to or more than 15 % of the eligible capital of the proposed acquirer.

3.   For the purposes of paragraph 1, where the proposed acquirer is an institution, the threshold referred to in paragraph 2 shall apply on both an individual basis and on the basis of the consolidated situation of the group. Where the threshold referred to in paragraph 2 is only exceeded on an individual basis, the proposed acquirer shall notify the competent authority in the Member State where it is established. That competent authority shall assess the proposed acquisition. Where that threshold is exceeded on an individual basis and on the basis of the consolidated situation of the group, the proposed acquirer shall also notify the consolidating supervisor. That consolidating supervisor shall also assess the proposed acquisition.

4.   Where the proposed acquirer is a financial holding company or mixed financial holding company within the scope of Article 21a(1), the threshold referred to in paragraph 2 of this Article shall apply on the basis of the consolidated situation, and the consolidating supervisor shall be the competent authority for the purposes of paragraph 1 of this Article.

5.   The competent authority shall acknowledge, in writing, the receipt of the notification referred to in paragraph 1 or of any additional information in accordance with paragraph 9 promptly and in any event within 10 working days following receipt of the notification or of the additional information.

6.   The competent authority shall have 60 working days from the date of the written acknowledgement of receipt of the notification and from the receipt of all documents, including those required by the Member State to be attached to the notification in accordance with Article 27b(5) (the “assessment period”), to carry out the assessment provided for in Article 27b(1).

Where the proposed acquisition concerns a qualifying holding in a credit institution as referred to in Article 22(1), the proposed acquirer shall also be subject to the notification requirement and the assessment under that Article. In that event, the time for the competent authority to carry out both the assessment provided for in Article 27b(1) and that referred to in Article 22(2) shall expire only when the later of the two relevant assessment periods expires.

7.   Where the proposed acquisition of a material holding is conducted between entities of the same group as referred to in Article 113(6) of Regulation (EU) No 575/2013 or between entities within the same institutional protection scheme as referred to in Article 113(7) of that Regulation, the competent authority shall not be required to carry out the assessment provided for in Article 27b(1) of this Directive.

8.   The competent authority shall inform the proposed acquirer of the date of the expiry of the assessment period at the time of acknowledging receipt as referred to in paragraph 5.

9.   The competent authority may, during the assessment period, where necessary, and in any event no later than on the 50th working day of the assessment period, request additional information that is necessary to complete the assessment provided for in Article 27b(1). Such a request shall be made in writing and shall specify the additional information needed.

10.   The assessment period shall be suspended between the date of request for additional information by the competent authority and the date of receipt of a response thereto by the proposed acquirer, providing all the requested information. That suspension shall not exceed 20 working days. Any further requests by the competent authority for completion or clarification of the information provided shall be at its discretion but shall not result in a suspension of the assessment period.

11.   The competent authority may extend the suspension referred to in paragraph 10 to a maximum of 30 working days in the following situations:

(a)

where the entity being acquired is situated in, or is subject to the regulatory framework of, a third country;

(b)

where an exchange of information with authorities responsible for supervising the proposed acquirer in accordance with Directive (EU) 2015/849 is necessary to carry out the assessment provided for in Article 27b(1) of this Directive.

12.   Where the approval of a financial holding company or mixed financial holding company within the scope of Article 21a(1) takes place concurrently with the assessment provided for in Article 27b(1), the competent authority for the purposes of Article 21a(1) shall coordinate, as appropriate, with the consolidating supervisor and, where different, the competent authority in the Member State where the financial holding company or mixed financial holding company is established. In that case, the assessment period shall be suspended until the procedure set out in Article 21a is complete.

13.   Where the competent authority decides to oppose the proposed acquisition, it shall, within two working days of completion of the assessment provided for in Article 27b(1), and before the end of the assessment period, inform the proposed acquirer in writing, providing the reasons for its opposition.

14.   Where the competent authority does not oppose the proposed acquisition within the assessment period in writing, it shall be deemed approved.

15.   The competent authority may set a maximum period for completing the proposed acquisition and extend it, where appropriate.

Article 27b

Assessment criteria

1.   In assessing the notification of the proposed acquisition provided for in Article 27a(1) and the information referred to in Article 27a(9), the competent authority shall assess the prospect for sound and prudent management by the proposed acquirer and, in particular, the risks to which the proposed acquirer is or might be exposed after the proposed acquisition, in accordance with the following criteria:

(a)

whether the proposed acquirer will be able to comply and continue to comply with the prudential requirements set out in this Directive and Regulation (EU) No 575/2013, and where applicable, other Union legal acts;

(b)

whether there are reasonable grounds to suspect that, in connection with the proposed acquisition, money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849 is being or has been committed or attempted, or that the proposed acquisition could increase the risk thereof.

2.   For the purpose of assessing the criterion set out in paragraph 1, point (b), of this Article, the competent authority shall consult, in the context of its verifications, the authorities responsible for supervising the proposed acquirer in accordance with Directive (EU) 2015/849.

3.   The competent authority may oppose the proposed acquisition only if there are reasonable grounds for doing so on the basis of the criteria set out in paragraph 1 of this Article, or if the information provided by the proposed acquirer is incomplete despite a request made in accordance with Article 27a(9).

For the purposes of this paragraph and with regard to the criterion set out in paragraph 1, point (b), of this Article, a negative opinion by the authorities responsible for supervising the proposed acquirer in accordance with Directive (EU) 2015/849, received by the competent authorities within 30 working days of the initial request, shall be duly taken into consideration by the competent authorities when assessing the proposed acquisition and may constitute a reasonable ground for opposition.

4.   Member States shall neither impose any prior conditions in respect of the level of the proposed acquisition nor allow the competent authority to examine the proposed acquisition in terms of the economic needs of the market.

5.   Member States shall publish a list of the information required to carry out the assessment. The proposed acquirer shall provide that information to the competent authority at the time of the notification referred to in Article 27a(1). The information required shall be proportionate and appropriate to the nature of the proposed acquisition. Member States shall not require information that is not relevant for the prudential assessment under this Article.

6.   Without prejudice to Article 27a(5) to (11), where two or more proposals to acquire material holdings in the same entity have been notified, the competent authority shall treat the proposed acquirers in a non-discriminatory manner.

7.   EBA shall develop draft regulatory technical standards to specify:

(a)

the list of minimum information to be provided by the proposed acquirer to the competent authority at the time of the notification referred to in Article 27a(1), Article 27f(1) and Article 27i(1);

(b)

a common assessment methodology of the criteria set out in this Article and Article 27j;

(c)

the process applicable to notification and the prudential assessment required under Articles 27a and 27i.

For the purposes of the first subparagraph, EBA shall take into consideration Title II of Directive (EU) 2017/1132.

EBA shall submit those draft regulatory technical standards to the Commission by 10 July 2026.

Power is delegated to the Commission to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

Article 27c

Cooperation between competent authorities

1.   The competent authority shall consult the authorities entrusted with the public duty of supervising other financial sector entities concerned when carrying out the assessment provided for in Article 27b(1) where the proposed acquisition concerns one of the following:

(a)

a credit institution, an insurance undertaking, a reinsurance undertaking, an investment firm or an asset management company, authorised in another Member State or in a sector other than that of the proposed acquirer;

(b)

a parent undertaking of a credit institution, of an insurance undertaking, of a reinsurance undertaking, of an investment firm or of an asset management company, authorised in another Member State or in a sector other than that of the proposed acquirer;

(c)

a legal person controlling a credit institution, an insurance undertaking, a reinsurance undertaking, an investment firm or an asset management company, authorised in another Member State or in a sector other than that in which the acquisition is proposed.

2.   Where the proposed acquirer is an institution and the threshold referred to in Article 27a(2) is only exceeded on an individual basis, the competent authority assessing the proposed acquisition shall notify the consolidating supervisor of the proposed acquisition within 10 working days following receipt of the notification by the proposed acquirer, if the proposed acquirer is part of a group and the competent authority is different from the consolidating supervisor. The competent authority shall also forward its assessment to the consolidating supervisor.

Where the proposed acquirer is a financial holding company or mixed financial holding company within the scope of Article 21a(1), the consolidating supervisor assessing the proposed acquisition shall notify the competent authority in the Member State where the proposed acquirer is established of the proposed acquisition within 10 working days following receipt of the notification by the proposed acquirer, if that competent authority is different from the consolidating supervisor. The consolidating supervisor shall also forward its assessment to that competent authority.

Where the proposed acquirer is an institution and the threshold referred to in Article 27a(2) is exceeded on both an individual basis and on the basis of the consolidated situation of the group, the competent authority and the consolidating supervisor assessing the proposed acquisition shall seek to coordinate their assessments, in particular with regard to their consultation of the relevant authorities referred to in paragraph 1 of this Article.

3.   Where the assessment of the proposed acquisition needs to be carried out by the consolidating supervisor referred to in Article 27a(3) and the consolidating supervisor is different from the competent authority in the Member State where the proposed acquirer is established, the two authorities shall work together in full consultation. The consolidating supervisor shall prepare an assessment on the proposed acquisition and shall forward that assessment to the competent authority in the Member State where the proposed acquirer is established. The two authorities shall do everything within their powers to reach a joint decision within two months of receipt of that assessment. That joint decision shall be duly documented and reasoned. The consolidating supervisor shall communicate that joint decision to the proposed acquirer.

In the event that a joint decision is not taken within two months of receipt of the assessment, the consolidating supervisor or the competent authority in the Member State where the proposed acquirer is established shall refrain from taking a decision and shall refer the matter to EBA in accordance with Article 19 of Regulation (EU) No 1093/2010. EBA shall take its decision within one month of receipt of the referral to EBA. The authorities concerned shall adopt a joint decision in conformity with the decision of EBA.

4.   The competent authorities shall, without delay, provide each other with any information which is essential or relevant for the assessment. In that regard, the competent authorities shall communicate to each other upon request or on their own initiative all relevant information for the assessment.

The competent authorities shall seek to coordinate their assessments and ensure the consistency of their decisions. To that end, the decision by the competent authority responsible for the assessment shall indicate any views or reservations made by other relevant competent authorities.

5.   EBA shall develop draft implementing technical standards to establish common procedures and forms and shall develop templates for the consultation process between the relevant competent authorities as referred to in this Article.

EBA shall submit those draft implementing technical standards to the Commission by 10 July 2026.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

Article 27d

Notification of divestiture

Member States shall require institutions, and financial holding companies and mixed financial holding companies within the scope of Article 21a(1), to notify the competent authority where they intend to dispose, directly or indirectly, of a material holding as determined in accordance with Article 27a(2). That notification shall be made in writing and in advance of the divestiture, indicating the size of the holding concerned.

Article 27e

Information obligations and penalties

Where the proposed acquirer fails to notify the proposed acquisition in advance in accordance with Article 27a(1) or has acquired a material holding as referred to in that Article despite the opposition by the competent authority, Member States shall require the competent authority to take appropriate measures. Where a material holding is acquired despite opposition by the competent authority, Member States shall, without prejudice to potential penalties, provide either for exercise of the corresponding voting rights to be suspended or for votes cast to be declared null and void.

CHAPTER 4

MATERIAL TRANSFERS OF ASSETS AND LIABILITIES

Article 27f

Notification of material transfers of assets and liabilities

1.   Member States shall require institutions, and financial holding companies and mixed financial holding companies within the scope of Article 21a(1) to notify their competent authority in writing in advance of any material transfer of assets or liabilities which they execute either through a sale or any other type of transaction (the “proposed operation”).

Where the proposed operation involves only entities from the same group, those entities shall also be subject to the first subparagraph.

For the purposes of the first and second subparagraphs, each of the entities involved in the same proposed operation shall be subject individually to the obligation to notify set out therein.

2.   For the purposes of paragraph 1, the proposed operation shall be deemed material for an entity where it is at least equal to 10 % of its total assets or liabilities, unless the proposed operation is executed between entities of the same group, in which case the proposed operation shall be deemed material for an entity where it is at least equal to 15 % of its total assets or liabilities.

For the purposes of the first subparagraph of this paragraph, for parent financial holding companies and parent mixed financial holding companies referred to in paragraph 1, the percentages shall apply on the basis of their consolidated situation.

The following shall not be taken into account for calculating the percentages referred to in the first subparagraph of this paragraph:

(a)

transfers of non-performing assets;

(b)

transfers of assets for the purpose of being included in a cover pool as defined in Article 3, point (3), of Directive (EU) 2019/2162 of the European Parliament and of the Council (*9);

(c)

transfers of assets to be securitised;

(d)

transfers of assets or liabilities in the context of the use of resolution tools, powers and mechanisms provided for in Title IV of Directive 2014/59/EU.

3.   The competent authority shall acknowledge, in writing, the receipt of the notification under paragraph 1 promptly and in any event within 10 working days following receipt of the notification.

Article 27g

Information obligations and penalties

Where the entities fail to notify the proposed operation in advance in accordance with Article 27f(1), Member States shall require the competent authorities to take appropriate measures.

CHAPTER 5

MERGERS AND DIVISIONS

Article 27h

Scope and definitions

This Chapter is without prejudice to the application of Council Regulation (EC) No 139/2004 (*10) and Directive (EU) 2017/1132.

Mergers and divisions that result from the application of Directive 2014/59/EU shall not be subject to the obligations laid down in this Chapter.

For the purposes of this Chapter, the following definitions apply:

(1)

“merger” means any of the following operations whereby:

(a)

one or more companies, on being dissolved without going into liquidation, transfer all or parts of their assets and liabilities to another existing company, the acquiring company, in exchange for the issue to their members of securities or shares representing the capital of that acquiring company and, where applicable, a cash payment not exceeding 10 % of the nominal value unless stated otherwise by the applicable national law, or, in the absence of a nominal value, of the accounting par value of those securities or shares;

(b)

one or more companies, on being dissolved without going into liquidation, transfer all or parts of their assets and liabilities to another existing company, the acquiring company, without the issue of any new securities or shares by the acquiring company, provided that one person holds directly or indirectly all the securities and shares in the merging companies or the members of the merging companies hold their securities and shares in the same proportion in all merging companies;

(c)

two or more companies, on being dissolved without going into liquidation, transfer all or parts of their assets and liabilities to a company that they form, the new company, in exchange for the issue to their members of securities or shares representing the capital of that new company and, where applicable, a cash payment not exceeding 10 % of the nominal value unless stated otherwise by the applicable national law, or, in the absence of a nominal value, of the accounting par value of those securities or shares;

(d)

a company, on being dissolved without going into liquidation, transfers all or parts of its assets and liabilities to the company holding all the securities or shares representing its capital;

(2)

“division” means any of the following:

(a)

an operation whereby, after being wound up without going into liquidation, a company transfers to more than one company all its assets and liabilities in exchange for the allocation to the shareholders of the company being divided of securities or shares in the companies receiving contributions as a result of the division and, where applicable, a cash payment not exceeding 10 % of the nominal value unless stated otherwise by the applicable national law, or, in the absence of a nominal value, of the accounting par value of those securities or shares;

(b)

an operation whereby, after being wound up without going into liquidation, a company transfers to more than one newly-formed company all its assets and liabilities in exchange for the allocation to the shareholders of the company being divided of securities or shares in the recipient companies, and, where applicable, a cash payment not exceeding 10 % of the nominal value unless stated otherwise by the applicable national law, or, in the absence of a nominal value, of the accounting par value of those securities or shares;

(c)

an operation consisting of a combination of operations described under points (a) and (b);

(d)

an operation whereby a company being divided transfers part of its assets and liabilities to one or more recipient companies in exchange for the issue to the members of the company being divided of securities or shares in the recipient companies, in the company being divided or in both the recipient companies and the company being divided, and, where applicable, a cash payment not exceeding 10 % of the nominal value unless stated otherwise by the applicable national law, or, in the absence of a nominal value, of the accounting par value of those securities or shares;

(e)

an operation whereby a company being divided transfers part of its assets and liabilities to one or more recipient companies in exchange for the issue to the company being divided of securities or shares in the recipient companies.

Article 27i

Notification and assessment of the merger or division

1.   Member States shall require institutions, and financial holding companies and mixed financial holding companies within the scope of Article 21a(1) (the “financial stakeholders”) carrying out a merger or division (the “proposed operation”), to notify, after the adoption of the draft terms of the proposed operation and in advance of the completion of the proposed operation, the competent authority which will be responsible for supervising the entities resulting from such proposed operation, indicating the relevant information, as specified in accordance with Article 27j(5).

For the purposes of the first subparagraph of this paragraph, where the proposed operation consists of a division, the competent authority in charge of the supervision of the entity carrying out the proposed operation shall be the competent authority to be notified and in charge of the assessment provided for in Article 27j(1).

2.   By way of derogation from paragraph 1 of this Article, where the proposed operation is a merger that only involves financial stakeholders from the same group, including a group of credit institutions that are permanently affiliated to a central body and which is supervised as a group, the competent authority shall not be required to carry out the assessment provided for in Article 27j(1).

3.   The assessment provided for in Article 27j(1) shall not be carried out where the proposed operation requires an authorisation in accordance with Article 8, or an approval in accordance with Article 21a.

4.   The competent authority shall acknowledge, in writing, the receipt of the notification referred to in paragraph 1 or of the additional information submitted in accordance with paragraph 5 promptly and in any event within 10 working days following receipt of the notification or of the additional information.

Where the proposed operation involves only financial stakeholders from the same group, the competent authority shall have 60 working days from the date of the written acknowledgement of receipt of the notification and from the receipt of all documents required by the Member State to be attached to the notification in accordance with Article 27j(5) (the “assessment period”), to carry out the assessment provided for in Article 27j(1).

The competent authority shall inform the financial stakeholders of the date of the expiry of the assessment period at the time of acknowledging receipt.

5.   The competent authority may request additional information that is necessary to complete the assessment provided for in Article 27j(1). Such a request shall be made in writing and shall specify the additional information needed.

Where the proposed operation involves only financial stakeholders from the same group, the competent authority may request additional information by no later than the 50th working day of the assessment period.

The assessment period shall be suspended between the date of request for additional information by the competent authority and the date of receipt of a response thereto by the financial stakeholders, providing all the requested information. That suspension shall not exceed 20 working days. Any further requests by the competent authority for completion or clarification of the information provided shall be at its discretion but shall not result in a suspension of the assessment period.

6.   The competent authority may extend the suspension referred to in paragraph 5, third subparagraph, to a maximum of 30 working days in the following situations:

(a)

where at least one of the financial stakeholders is situated in, or is subject to the regulatory framework of, a third country;

(b)

where an exchange of information with authorities responsible for supervising the financial stakeholders in accordance with Directive (EU) 2015/849 is necessary to carry out the assessment provided for in Article 27j(1) of this Directive.

7.   The proposed operation shall not be completed before the competent authority has issued a positive opinion.

8.   The competent authority shall, within two working days from the completion of its assessment, issue in writing a reasoned positive or negative opinion to the financial stakeholders. The financial stakeholders shall transmit that reasoned opinion to the authorities in charge, under the national law, of the scrutiny of the proposed operation.

9.   Where the proposed operation involves only financial stakeholders from the same group and the competent authority does not oppose the proposed operation within the assessment period in writing, the opinion shall be deemed to be positive.

10.   The reasoned positive opinion issued by the competent authority may provide for a limited period during which the proposed operation is to be carried out.

Article 27j

Assessment criteria

1.   In assessing the notification of the proposed operation provided for in Article 27i(1) and the information referred to in Article 27i(5), the competent authority shall, in order to ensure the soundness of the prudential profile of the financial stakeholders after the completion of the proposed operation and in particular to address the risks to which the financial stakeholders are or might be exposed in the course of the proposed operation and the risks to which the entity resulting from the proposed operation might be exposed, assess the proposed operation in accordance with the following criteria:

(a)

the reputation of the financial stakeholders involved in the proposed operation;

(b)

the financial soundness of the financial stakeholders involved in the proposed operation, in particular in relation to the type of business pursued and envisaged for the entity resulting from the proposed operation;

(c)

whether the entity resulting from the proposed operation will be able to comply and continue to comply with the prudential requirements laid down in this Directive and Regulation (EU) No 575/2013, and where applicable, other Union legal acts, in particular Directives 2002/87/EC and 2009/110/EC;

(d)

whether the implementation plan of the proposed operation is realistic and sound from a prudential perspectiv;

(e)

whether there are reasonable grounds to suspect that, in connection with the proposed operation, money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849 is being or has been committed or attempted, or that the proposed operation could increase the risk thereof.

The implementation plan referred to in the first subparagraph, point (d), shall be subject to appropriate monitoring by the competent authority until completion of the proposed operation.

2.   For the purpose of assessing the criterion set out in paragraph 1, point (e), of this Article, the competent authority shall consult, in the context of its verifications, the authorities responsible for supervising the financial stakeholders in accordance with Directive (EU) 2015/849.

3.   The competent authority may issue a negative opinion regarding the proposed operation only if the criteria set out in paragraph 1 of this Article are not met or where the information provided by the financial stakeholder is incomplete despite a request made in accordance with Article 27i(5).

With regard to the criterion set out in paragraph 1, point (e), of this Article, a negative opinion by the authorities responsible for supervising the financial stakeholders in accordance with Directive (EU) 2015/849, received by the competent authority within 30 working days of the initial request, shall be duly taken into consideration by the competent authority when assessing the proposed operation and may constitute a reasonable ground for a negative opinion, as referred to in the first subparagraph of this paragraph.

4.   Member States shall not allow competent authorities to examine the proposed operation in terms of the economic needs of the market.

5.   Member States shall publish a list of the information required to carry out the assessment provided for in paragraph 1 of this Article. The financial stakeholders shall provide that information to the competent authorities at the time of the notification referred to in Article 27i(1). The information required shall be proportionate and appropriate to the nature of the proposed operation. Member States shall not require information that is not relevant for a prudential assessment under this Article.

Article 27k

Cooperation between competent authorities

1.   The competent authority shall consult the authorities entrusted with the public duty of supervising other financial sector entities concerned when carrying out the assessment provided for in Article 27j(1) where the proposed operation involves, in addition to the financial stakeholders, entities that are any of the following:

(a)

a credit institution, an insurance undertaking, a reinsurance undertaking, an investment firm or an asset management company, authorised in another Member State or in a sector other than that in which the proposed operation is undertaken;

(b)

a parent undertaking of a credit institution, of an insurance undertaking, of a reinsurance undertaking, of an investment firm or of an asset management company, authorised in another Member State or in a sector other than that in which the proposed operation is undertaken;

(c)

a legal person controlling a credit institution, an insurance undertaking, a reinsurance undertaking, an investment firm or an asset management company, authorised in another Member State or in a sector other than that in which the proposed operation is undertaken.

2.   The competent authorities shall, without delay, provide each other with any information which is essential or relevant for the assessment. In that regard, the competent authorities shall communicate to each other upon request or on their own initiative all relevant information for the assessment. An opinion by a competent authority of a financial stakeholder shall indicate any views or reservations expressed by the competent authority that supervises one or more of the entities listed in paragraph 1.

The competent authorities shall seek to coordinate their assessments and ensure the consistency of their opinions.

3.   EBA shall develop draft implementing technical standards to establish common procedures and forms and shall develop templates for the consultation process between the relevant competent authorities as referred to in this Article.

For the purposes of the first subparagraph, EBA shall take into consideration Title II of Directive (EU) 2017/1132.

EBA shall submit those draft implementing technical standards to the Commission by 10 January 2027.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

Article 27l

Information obligations and penalties

Where the financial stakeholders fail to notify the proposed operation in advance in accordance with Article 27i(1) or have carried out the proposed operation as referred to in that Article without prior positive opinion by the competent authorities, Member States shall require the competent authorities to take appropriate measures.

(*9)  Directive (EU) 2019/2162 of the European Parliament and of the Council of 27 November 2019 on the issue of covered bonds and covered bond public supervision and amending Directives 2009/65/EC and 2014/59/EU (OJ L 328, 18.12.2019, p. 29)."

(*10)  Council Regulation (EC) No 139/2004 of 20 January 2004 on the control of concentrations between undertakings (the EC Merger Regulation) (OJ L 24, 29.1.2004, p. 1).’;"

(13)

Title VI is replaced by the following:

‘TITLE VI

PRUDENTIAL SUPERVISION OF THIRD-COUNTRY BRANCHES AND RELATIONS WITH THIRD COUNTRIES

CHAPTER 1

PRUDENTIAL SUPERVISION OF THIRD-COUNTRY BRANCHES

SECTION I

General provisions

Article 47

Scope and definitions

1.   This Chapter lays down the minimum requirements concerning the carrying out in a Member State of the following activities by a third-country branch:

(a)

any of the activities referred to in points 2 and 6 of Annex I to this Directive by an undertaking established in a third country that would qualify as a credit institution or that would fulfil the criteria set out in Article 4(1), point (1)(b), of Regulation (EU) No 575/2013 if it were established in the Union;

(b)

the activity referred to in point 1 of Annex I to this Directive by an undertaking established in a third country.

2.   Where an undertaking established in a third country provides activities and services listed in Annex I, Section A, to Directive 2014/65/EU and any accommodating ancillary services, such as related deposit taking or the granting of credit or loans the purpose of which is to provide services under that Directive, that undertaking shall not be included within the scope of paragraph 1 of this Article.

3.   For the purposes of this Title, the following definitions apply:

(1)

“third-country branch” means a branch established in a Member State by either:

(a)

an undertaking which has its head office in a third country, for the purpose of carrying out any of the activities referred to in paragraph 1;

(b)

a credit institution which has its head office in a third country;

(2)

“head undertaking” means an undertaking which has its head office in a third country and which has established a third-country branch in the Member State, and the intermediate or ultimate parent undertakings of that undertaking, as applicable.

Article 48

Prohibition of discrimination

Member States shall not apply to third-country branches, when those are commencing or continuing to carry out their business, provisions which result in a more favourable treatment than that accorded to branches of institutions having their head office in another Member State.

Article 48a

Classification of third-country branches

1.   Member States shall classify third-country branches as class 1 where those branches meet any of the following conditions:

(a)

the total value of the assets booked or originated by the third-country branch in the Member State is equal to or greater than EUR 5 billion, as reported for the immediately preceding annual reporting period in accordance with Section II, Sub-Section 4;

(b)

the third-country branch’s authorised activities include taking deposits or other repayable funds from retail customers, provided that the amount of such deposits and other repayable funds is equal to or greater than 5 % of the total liabilities of the third-country branch or the amount of such deposits and other repayable funds exceeds EUR 50 million;

(c)

the third-country branch is not a qualifying third-country branch within the meaning of Article 48b.

2.   Member States shall classify third-country branches that do not meet any of the conditions set out in paragraph 1 as class 2.

3.   Competent authorities shall update the classification of third-country branches as follows:

(a)

where a class 1 third-country branch ceases to meet the conditions set out in paragraph 1, it shall immediately be considered as class 2;

(b)

where a class 2 third-country branch starts to meet one of the conditions set out in paragraph 1, it shall be considered as class 1 only after a period of four months from the date on which it started to meet those conditions.

4.   Member States may apply to third-country branches authorised in their territory, or to certain categories thereof, the same requirements that apply to credit institutions authorised under this Directive, instead of the requirements set out in this Title. Where the treatment laid down in this paragraph only applies to certain categories of third-country branches, Member States shall set out the relevant classification criteria for the purposes of that treatment. Paragraphs 1, 2 and 3 of this Article shall not apply to those third-country branches, except for the purposes of Article 48p.

Article 48b

Conditions for qualifying third-country branches

1.   Where the following conditions are met in relation to a third-country branch, that branch shall be regarded as a qualifying third-country branch for the purposes of this Title:

(a)

the head undertaking is established in a country that applies prudential standards and a supervisory oversight in accordance with the third country’s banking regulatory framework that are at least equivalent to this Directive and to Regulation (EU) No 575/2013;

(b)

the supervisory authorities of the head undertaking are subject to confidentiality requirements that are at least equivalent to the requirements laid down in Title VII, Chapter 1, Section II, of this Directive;

(c)

the head undertaking is established in a country that is not listed as a high-risk third country that has strategic deficiencies in its anti-money laundering and counter-terrorist financing regime, in accordance with Article 9 of Directive (EU) 2015/849.

2.   The Commission may adopt, by means of implementing acts, decisions as to whether the conditions set out in paragraph 1, points (a) and (b), of this Article are met in relation to a third country’s banking regulatory framework. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 147(2).

3.   Before adopting the decision referred to in paragraph 2 of this Article, the Commission may request EBA’s assistance in accordance with Article 33 of Regulation (EU) No 1093/2010 to conduct an assessment of the relevant third country’s banking regulatory framework and confidentiality requirements and to issue a report on the compliance of that framework and of those requirements with the conditions set out in paragraph 1, points (a) and (b), of this Article. EBA shall publish the outcome of its assessment on its website.

4.   EBA shall keep a public register of the third countries and third-country authorities that meet the conditions set out in paragraph 1.

5.   Upon receiving an application for authorisation in accordance with Article 48c, the competent authority shall assess the conditions laid down in paragraph 1 of this Article and in Article 48a to classify the third-country branch as class 1 or class 2. Where the relevant third country is not recorded in the public register referred to in paragraph 4 of this Article, the competent authority shall request the Commission to assess the third country’s banking regulatory framework and confidentiality requirements for the purposes of paragraph 2 of this Article, provided that the condition referred to in paragraph 1, point (c), of this Article is met. The competent authority shall classify the third-country branch as class 1 pending the Commission’s adoption of a decision in accordance with paragraph 2 of this Article.

SECTION II

Authorisation and regulatory requirements

Sub-Section 1

Authorisation requirements

Article 48c

Minimum conditions for the authorisation of third-country branches

1.   Member States shall require, in accordance with Article 21c, that third-country undertakings establish a branch in their territory before commencing or continuing the activities referred to in Article 47(1). The establishment of a third-country branch shall be subject to prior authorisation in accordance with this Chapter.

2.   Competent authorities shall endeavour to conclude administrative agreements or other arrangements with relevant third-country competent authorities before a third-country branch commences its activities in the relevant Member State. Such agreements shall be based on the model administrative arrangements developed by EBA in accordance with Article 33(5) of Regulation (EU) No 1093/2010. That requirement shall not apply where third-country branches are subject to stricter national requirements. Competent authorities shall submit information about any administrative agreements or other arrangements concluded with third-country competent authorities to EBA without delay.

3.   Member States shall require that the applications for authorisation of third-country branches be accompanied by a programme of operations setting out the envisaged business, the activities to be carried out among those referred to in Article 47(1) and the organisational structure and risk management of the branch in the relevant Member State in accordance with Article 48g.

4.   Third-country branches shall only be authorised where, at a minimum, all of the following conditions are fulfilled:

(a)

the third-country branch meets the minimum regulatory requirements laid down in Sub-Section 2;

(b)

the activities that the head undertaking seeks authorisation for in the Member State are covered by the authorisation that such head undertaking holds in the third country where it is established and are subject to supervision in that third country;

(c)

the supervisory authority of the head undertaking in the third country has been notified of and provided with the application to establish a branch in the Member State and the accompanying documents referred to in paragraph 3;

(d)

the authorisation provides that the third-country branch may only conduct the authorised activities within the Member State where it is established and expressly prohibits the third-country branch from offering or conducting those activities in other Member States on a cross-border basis, except for intragroup funding transactions concluded with other third-country branches of the same head undertaking and for transactions entered into on the basis of reverse solicitation of services in accordance with Article 21c;

(e)

for the purpose of exercising its supervisory functions, the competent authority is able to access all the necessary information on the head undertaking from the supervisory authorities of that head undertaking and to effectively coordinate its supervisory activities with those of the third-country’s supervisory authorities, in particular in periods of crisis or financial distress affecting the head undertaking, its group or the third country’s financial system;

(f)

there are no reasonable grounds to suspect that the third-country branch would be used to commit or facilitate the commission of money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849.

5.   For the purposes of assessing whether the condition set out in paragraph 4, point (f), of this Article is met, the competent authority shall consult the authority responsible for the supervision of anti-money laundering or counter-terrorist financing in the Member State in accordance with Directive (EU) 2015/849 and obtain written confirmation that the condition is fulfilled before proceeding to authorising the third-country branch.

6.   Competent authorities may decide that the authorisations of third-country branches granted by 10 January 2027 shall remain valid, provided that the third-country branches that were granted those authorisations comply with the minimum requirements laid down in this Title.

7.   EBA shall monitor operations between the third-country branches of the same head undertaking authorised in different Member States and shall submit a report to the Commission setting out its findings 10 July 2028.

8.   By 10 July 2026, EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, to further specify:

(a)

the information to be provided to the competent authorities upon application for authorisation of a third-country branch, including the programme of operations and the organisational structure and the risk management referred to in paragraph 3;

(b)

the procedure for authorisation of the third-country branch, as well as the standard forms and templates for the provision of the information referred to in point (a) of this paragraph;

(c)

the conditions for authorisation referred to in paragraph 4;

(d)

the conditions under which competent authorities may rely on information that has already been provided in the process of any prior third-country branch authorisation.

Article 48d

Conditions for the refusal or withdrawal of a third-country branch’s authorisation

1.   Member States shall, at a minimum, provide for the following conditions for refusing or withdrawing the authorisation of a third-country branch:

(a)

the third-country branch does not meet the requirements for authorisation laid down in Article 48c or in national law;

(b)

the head undertaking or its group does not meet the prudential requirements that apply to it under the third-country law or there are reasonable grounds to suspect that it does not meet or that it will breach those requirements within the following 12 months.

For the purposes of the first subparagraph, point (b), third-country branches shall promptly notify their competent authorities where the circumstances referred to in that point occur.

2.   Competent authorities may also withdraw the authorisation granted to a third-country branch where any of the following conditions is met:

(a)

the third-country branch does not make use of the authorisation within 12 months, expressly renounces the authorisation or has ceased to engage in business for more than six months, unless the Member State concerned has made provision for the authorisation to lapse in such cases;

(b)

the third-country branch has obtained the authorisation through false statements or any other irregular means;

(c)

the third-country branch no longer fulfils one or more of the additional conditions or requirements under which the authorisation was granted;

(d)

the third-country branch can no longer be relied on to fulfil its obligations towards its creditors and, in particular, no longer provides security for the assets entrusted to it by its depositors;

(e)

the third-country branch falls within one of the other cases where national law provides for withdrawal of authorisation;

(f)

the third-country branch commits one of the breaches referred to in Article 67(1);

(g)

there are reasonable grounds to suspect that money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849 is being or has been committed or attempted in connection with the third-country branch, its head undertaking or its group, or that there is an increased risk of money laundering or terrorist financing being committed or attempted in relation to the third-country branch, its head undertaking or its group.

3.   For the purpose of assessing whether the condition set out in paragraph 2, point (g), of this Article is met, the competent authority shall consult the authority responsible for the supervision of anti-money laundering or counter-terrorist financing in the Member State in accordance with Directive (EU) 2015/849.

4.   Member States shall provide for clear procedures for the refusal or the withdrawal of a third-country branch’s authorisation in accordance with paragraphs 1, 2 and 3.

Sub-Section 2

Minimum regulatory requirements

Article 48e

Capital endowment requirement

1.   Without prejudice to other applicable capital requirements in accordance with national law, Member States shall require third-country branches to maintain at all times a minimum capital endowment that is at least equal to:

(a)

for class 1 third-country branches, 2,5 % of the branch’s average liabilities for the three immediately preceding annual reporting periods or, for newly authorised third-country branches, of the branch’s liabilities at the time of authorisation, as reported in accordance with Sub-Section 4, subject to a minimum of EUR 10 million;

(b)

for class 2 third-country branches, 0,5 % of the branch’s average liabilities for the three immediately preceding annual reporting periods or, for newly authorised third-country branches, of the branch’s liabilities at the time of authorisation, as reported in accordance with Sub-Section 4, subject to a minimum of EUR 5 million.

2.   Third-country branches shall fulfil the minimum capital endowment requirement referred to in paragraph 1 with assets in the form of any of the following:

(a)

cash, or cash assimilated instruments as defined in Article 4(1), point (60), of Regulation (EU) No 575/2013;

(b)

debt securities issued by central governments or central banks of Member States; or

(c)

any other instrument that is available to the third-country branch for unrestricted and immediate use to cover risks or losses as soon as those risks or losses occur.

3.   Member States shall require third-country branches to deposit the capital endowment instruments referred to in paragraph 2 of this Article in an escrow account held in the Member State where the branch is authorised with a credit institution that is not part of its head undertaking’s group or, where permitted under national law, with the central bank of the Member State. The capital endowment instruments deposited in the escrow account shall be available for use for the purposes of Article 96 of Directive 2014/59/EU in the case of resolution of the third-country branch and for the purposes of the winding-up of the third-country branch in accordance with national law.

4.   By 10 July 2026, EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, to specify the requirement laid down in paragraph 2, point (c), of this Article in relation to instruments that are available for unrestricted and immediate use to cover risks or losses as soon as those risks or losses occur.

Article 48f

Liquidity requirements

1.   Without prejudice to other applicable liquidity requirements in accordance with national law, Member States shall at a minimum require third-country branches to maintain at all times a volume of unencumbered and liquid assets sufficient to cover liquidity outflows over a minimum period of 30 days.

2.   For the purposes of paragraph 1 of this Article, Member States shall require class 1 third-country branches to comply with the liquidity coverage requirement laid down in Part Six, Title I, of Regulation (EU) No 575/2013 and in Commission Delegated Regulation (EU) 2015/61 (*11).

3.   Member States shall require third-country branches to deposit the liquid assets held to comply with this Article in an account held in the Member State where the branch is authorised with a credit institution that is not part of its head undertaking’s group or, where permitted under national law, with the central bank of the Member State. Where there are liquid assets remaining in the account after they have been applied to cover liquidity outflows in accordance with paragraph 1 of this Article, those remaining liquid assets shall be available for use for the purposes of Article 96 of Directive 2014/59/EU in the case of resolution of the third-country branch and for the purposes of the winding-up of the third-country branch in accordance with national law.

4.   Competent authorities may waive the liquidity requirement laid down in this Article for qualifying third-country branches.

Article 48g

Internal governance and risk management

1.   Member States shall require third-country branches to have at least two persons in the relevant Member State effectively directing their business subject to prior approval by the competent authorities. Those persons shall be of good repute and possess sufficient knowledge, skills and experience and commit sufficient time to the performance of their duties.

2.   Member States shall require class 1 third-country branches to comply with Articles 74 and 75, Article 76(5) and (6), and Articles 92, 94 and 95. Competent authorities may require third-country branches to establish a local management committee to ensure an adequate governance of the branch.

3.   Member States shall require class 2 third-country branches to comply with Articles 74, 75, 92, 94 and 95 and to have internal control functions as provided for under Article 76(5) and Article 76(6), first, second and fourth subparagraphs.

Depending on their size, internal organisation and the nature, scope and complexity of their activities, competent authorities may require class 2 third-country branches to appoint heads of internal control functions as provided for in Article 76(6), third and fifth subparagraphs.

4.   Member States shall require third-country branches to establish reporting lines to the management body of the head undertaking that cover all material risks and risk management policies and changes thereof and to have in place adequate information and communication technology (ICT) systems and controls to ensure that policies are duly complied with.

5.   Member States shall require third-country branches to monitor and manage their outsourcing arrangements, and to ensure that their competent authorities have full access to all information they need to exercise their supervisory function.

6.   Member States shall require third-country branches that engage in back-to-back or intragroup operations to have adequate resources to identify and properly manage their counterparty credit risk where material risks associated with assets booked by the third-country branch are transferred to the counterparty.

7.   Where critical or important functions of the third-country branch are carried out by its head undertaking, those functions shall be carried out in accordance with internal arrangements or intragroup agreements. Competent authorities in charge of the supervision of third-country branches shall have access to all information they need to exercise their supervisory function.

8.   Competent authorities shall require that an independent third party assess on a regular basis the implementation of and ongoing compliance by the third-country branch with the requirements laid down in this Article and submit a report to the competent authority with its findings and conclusions.

9.   By 10 January 2027, EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, on the application to third-country branches of the arrangements, processes and mechanisms referred to in Article 74(1) of this Directive, taking into account Article 74(2), and on the application to third-country branches of Article 75 and Article 76(5) and (6) of this Directive.

Article 48h

Booking requirements

1.   Member States shall require third-country branches to maintain a registry book enabling those third-country branches to track and keep a comprehensive and precise record of all the assets and liabilities booked or originated by the third-country branch in the Member State and to manage those assets and liabilities autonomously within the third-country branch. The registry book shall provide all necessary and sufficient information on the risks generated by the third-country branch and on how they are managed.

2.   Member States shall require third-country branches to develop and regularly review and update a policy on booking arrangements for the management of the registry book referred to in paragraph 1. Such a policy shall be documented and approved by the relevant governing body of the head undertaking. The policy shall provide a clear rationale for the booking arrangements and set out how those arrangements align with the third-country branch’s business strategy.

3.   Member States shall require third-country branches to ensure that an independent written and reasoned opinion on the implementation of and ongoing compliance with the requirements laid down in this Article be regularly prepared and addressed to the competent authority with the findings and conclusions.

4.   EBA shall develop draft regulatory technical standards to specify the booking arrangements that third-country branches are to apply for the purposes of this Article, in particular as regards:

(a)

the methodology to identify and keep a comprehensive and precise track record of the assets and liabilities booked by the third-country branch in the Member State; and

(b)

the methodology to identify and keep a record of off-balance-sheet items and of the assets and liabilities originated by the third-country branch and booked or held remotely in other branches or subsidiaries of the same group on behalf of or for the benefit of the originating third-country branch.

EBA shall submit those draft regulatory technical standards to the Commission by 10 January 2026.

Power is delegated to the Commission to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

Sub-Section 3

Power to require authorisation under Title III and requirements on third-country branches which have systemic importance

Article 48i

Power to require the establishment of a subsidiary

1.   Member States shall ensure that competent authorities have the power to require third-country branches to apply for authorisation under Title III, Chapter 1, at least where:

(a)

the third-country branch has carried out in the past or is currently carrying out activities referred to in Article 47(1), without prejudice to the exemptions referred to in Article 48c(4), point (d), with clients or counterparties in other Member States;

(b)

the third-country branch meets the indicators of systemic importance referred to in Article 131(3) or is assessed as having systemic importance in accordance with Article 48j and poses significant financial stability risks in the Union or the Member State where it is established; or

(c)

the aggregate amount of the assets of all third-country branches in the Union which belong to the same third-country group is equal to or greater than EUR 40 billion or the amount of the third-country branch’s assets on its book in the Member State where it is established is equal to or greater than EUR 10 billion.

The power referred to in the first subparagraph of this paragraph may be used after applying the measures in Article 48j or 48o, as appropriate, or where the competent authority can justify, on grounds other than those listed under the first subparagraph of this paragraph, that those measures would be insufficient to address the material supervisory concerns.

2.   Before exercising the power referred to in paragraph 1, competent authorities shall consult EBA and the competent authorities of the Member States where the relevant third-country group has established other third-country branches or subsidiary institutions.

For the purposes of paragraph 1, points (b) and (c), of this Article and when carrying out the assessment referred to in Article 48j, the competent authorities or, where appropriate, designated authorities shall take into account appropriate indicators for assessing the systemic importance of third-country branches, which shall include in particular:

(a)

the size of the third-country branch;

(b)

the complexity of the third-country branch’s structure, organisation and business model;

(c)

the degree of interconnectedness of the third-country branch with the financial system of the Union and of the Member State where it is established;

(d)

the substitutability of the activities, services or operations conducted or the financial infrastructure provided by the third-country branch;

(e)

the market share of the third-country branch in the Union and in the Member State where it is established as regards total banking assets and in relation to the activities and services it provides and the operations that it conducts;

(f)

the likely impact of a suspension or closure of the third-country branch’s operations or business on the liquidity of the financial system of the Member State where it is established or on the payment, clearing and settlement systems in the Union and in that Member State;

(g)

the role and importance of the third-country branch for the activities, services and operations of the third-country group in the Union and in the Member State where it is established;

(h)

the role and importance of the third-country branch in the context of resolution or winding-up based on information from the resolution authority;

(i)

the volume of the third-country group’s business being conducted through third-country branches, relative to the business of that group conducted through subsidiary institutions authorised in the Union and in the Member States where the third-country branches are established.

Article 48j

Assessment of systemic importance and requirements on third-country branches which have systemic importance

1.   The third-country branch shall be subject to the assessment laid down in paragraph 2 of this Article where all third-country branches in the Union that belong to the same third-country group have an aggregate amount of assets in the Union as reported in accordance with Sub-Section 4 equal to or greater than EUR 40 billion, either:

(a)

on average for the immediately preceding three annual reporting periods; or

(b)

in absolute terms for at least three annual reporting periods during the immediately preceding five annual reporting periods.

The asset threshold referred to in the first subparagraph shall not include the assets held by the third-country branches in connection with central bank market operations entered into with ESCB central banks.

2.   The competent authority responsible for the supervision of a third-country branch which belongs to a third-country group where all third-country branches in the Union have an aggregate amount of assets in the Union equal to or greater than EUR 40 billion shall assess whether the third-country branch under its supervision has systemic importance and poses significant risks for the financial stability of the Union or for the Member State where it is established. For those purposes, competent authorities shall, in particular, have regard to the indicators of systemic importance referred to in Article 48i(2) and Article 131(3).

3.   As part of the assessment referred to in paragraph 2, the competent authority or, where appropriate, the designated authority shall consult EBA and competent authorities of the Member States where the relevant third-country group has established other third-country branches or subsidiary institutions, in order to assess the financial stability risks that the relevant third-country branch poses for the Member States other than the Member State where it is established.

The competent authority or, where appropriate, the designated authority shall provide its reasoned assessment of the systemic importance of the third-country branch for the Union or the Member State where it is established to EBA and to the competent authorities of the Member States where the relevant third-country group has established other third-country branches or subsidiary institutions.

Where the competent authorities which are consulted disagree with the assessment of the systemic importance of the third-country branch, they shall inform the competent authority which has conducted the assessment referred to in paragraph 2 within 10 working days from receiving the assessment. The competent authorities, with the assistance of EBA, shall use their best endeavours to reach a consensus on the assessment and, where applicable, on the targeted requirements referred to in paragraph 4 no later than three months from the date on which the competent authority or, where appropriate, the designated authority raised its objection. After that period has expired, the competent authority responsible for the supervision of the third-country branch under assessment shall decide on the assessment of the systemic importance of the third-country branch and on the targeted requirements referred to in paragraph 4.

4.   Where appropriate to address the risks identified, the competent authority or, where appropriate, the designated authority may subject the third-country branch to targeted requirements that may include:

(a)

requiring that the relevant third-country branch restructure its assets or activities in such a manner that it ceases to qualify as having systemic importance in accordance with paragraph 2 or that it ceases to pose an undue risk to the financial stability of the Union or the Member States where it is established; or

(b)

imposing additional prudential requirements on the relevant third-country branch.

Where the competent authority or, where appropriate, the designated authority, considers that a third-country branch has systemic importance, but it decides not to exercise any of the powers referred to in in the first subparagraph, point (a), of this paragraph or in Article 48i, it shall provide a reasoned notification to EBA and to the competent authorities of the Member States where the relevant third-country group has established other third-country branches or subsidiary institutions as to why it has decided not to exercise those powers.

5.   By 31 December 2028, EBA shall report to the European Parliament, to the Council and to the Commission, on:

(a)

the assessment referred to in paragraph 3 of this Article, in particular as regards the identification of third-country branches of the same head undertaking and the functioning of the consultation process laid down in that paragraph;

(b)

the use of the supervisory powers laid down in paragraph 4 of this Article and in Article 48i.

Sub-Section 4

Reporting requirements

Article 48k

Regulatory and financial information on third-country branches and on the head undertaking

1.   Member States shall require third-country branches to periodically report to their competent authorities information on:

(a)

the assets and liabilities held on their books in accordance with Article 48h and the assets and liabilities originated by the third-country branches, with a breakdown that singles out:

(i)

the largest recorded assets and liabilities classified by sector and counterparty type, including, in particular, financial sector exposures;

(ii)

significant exposure and funding source concentrations to specified types of counterparties;

(iii)

significant internal transactions with the head undertaking and with members of the head undertaking’s group;

(b)

the third-country branches’ compliance with the requirements that apply to them under this Directive;

(c)

on an ad hoc basis, the deposit protection arrangements available to depositors in the third-country branches in accordance with Article 15(2) and (3) of Directive 2014/49/EU of the European Parliament and of the Council (*12);

(d)

additional regulatory requirements imposed on the third-country branches by Member States under national law.

For the purposes of reporting the information on the assets and liabilities held on their books in accordance with the first subparagraph, point (a), third-country branches shall apply the international accounting standards as applied in accordance with Regulation (EC) No 1606/2002 of the European Parliament and of the Council (*13) or the applicable generally accepted accounting principles in the Member State.

2.   Member States shall require third-country branches to report to their competent authorities the following information on their head undertaking:

(a)

on a periodic basis, aggregated information on the assets and liabilities held or booked, respectively, by the subsidiaries and other third-country branches of that head undertaking’s group in the Union;

(b)

on a periodic basis, the head undertaking’s compliance with the applicable prudential requirements on an individual and consolidated basis;

(c)

on an ad hoc basis, significant supervisory reviews and assessments, when those are conducted on the head undertaking, and the consequent supervisory decisions;

(d)

the recovery plans of the head undertaking and the specific measures that could be taken on the third-country branches in accordance with those plans, and any subsequent updates and amendments to those plans;

(e)

the head undertaking’s business strategy in relation to the third-country branches and any subsequent changes to that strategy;

(f)

the services provided by the head undertaking to clients established or situated in the Union on the basis of reverse solicitation of services in accordance with Article 21c.

3.   The reporting obligations laid down in this Article shall not prevent a competent authority from imposing additional reporting requirements on third-country branches where it deems additional information is necessary to gain a comprehensive view of the third-country branches’ or their head undertaking’s business, activities or financial soundness, to verify the third-country branches’ and their head undertaking’s compliance with applicable law and to ensure the third-country branches’ compliance with that law.

Article 48l

Standard forms and templates and frequency of reporting

1.   EBA shall develop draft implementing technical standards to specify uniform formats and definitions for, and the frequency of, reporting, and shall develop the IT solutions to be applied for the purposes of Article 48k.

The reporting requirements referred to in Article 48k shall be proportionate to the classification of third-country branches as either class 1 or class 2.

EBA shall submit those draft implementing technical standards to the Commission by 10 January 2026.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010.

2.   The regulatory and financial information referred to in Article 48k shall be reported at least twice a year by class 1 third-country branches and at least annually by class 2 third-country branches.

3.   A competent authority may waive all or part of the requirements to report information on the head undertaking laid down in Article 48k(2) for qualifying third-country branches, provided that that competent authority is able to obtain the relevant information directly from the supervisory authorities of the relevant third country.

SECTION III

Supervision

Article 48m

Supervision of third-country branches and supervisory examination programme

1.   Member States shall require competent authorities to comply with this Section and, mutatis mutandis, with Title VII for the purpose of supervising third-country branches.

2.   Competent authorities shall include third-country branches in the supervisory examination programme referred to in Article 99.

Article 48n

Supervisory review and evaluation process

1.   Member States shall require competent authorities to review the arrangements, strategies, processes and mechanisms implemented by third-country branches to comply with the provisions that apply to them under this Directive and, where applicable, with any additional regulatory requirements under national law.

2.   On the basis of the review referred to in paragraph 1, competent authorities shall evaluate whether the arrangements, strategies, processes and mechanisms implemented by third-country branches and the capital endowment and liquidity held by them ensure a sound management and coverage of their material risks and the viability of the third-country branches.

3.   Competent authorities shall conduct the review and evaluation referred to in paragraphs 1 and 2 of this Article in accordance with the criteria for applying the principle of proportionality published in accordance with Article 143(1), point (c). In particular, competent authorities shall establish a level of frequency and intensity for the review referred to in paragraph 1 of this Article that is proportionate to classification as class 1 and class 2 third-country branches and that takes into account other relevant criteria, such as the nature, scale and complexity of the third-country branches’ activities.

4.   Where a review, in particular of the governance arrangements, the business model, or the activities of the third-country branch, gives competent authorities reasonable grounds to suspect that, in connection with that third-country branch, money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849 is being or has been committed or attempted, or that there is increased risk thereof, the competent authority shall immediately notify EBA and the authority that is responsible for supervising the third-country branch in accordance with Directive (EU) 2015/849. Where there is an increased risk of money laundering or terrorist financing, the competent authority and the authority that is responsible for supervising the third-country branch in accordance with Directive (EU) 2015/849 shall liaise and notify their common assessment immediately to EBA. The competent authority shall take, as appropriate, measures in accordance with this Directive, which may include withdrawing the third-country branch’s authorisation under Article 48d(2), point (g), of this Directive.

5.   The competent authority, the financial intelligence unit and the authority that is responsible for supervising the third-country branch in accordance with Directive (EU) 2015/849 shall cooperate closely with each other within their respective competences and shall exchange information relevant to this Directive, provided that such cooperation and information exchange do not impinge on any ongoing inquiry, investigation or proceedings pursuant to the criminal or administrative law of the Member State where the competent authority, financial intelligence unit or the authority that is responsible for supervising the third-country branch in accordance with Directive (EU) 2015/849 is located. EBA may assist the competent authorities and the authorities responsible for supervising the third-country branch in accordance with Directive (EU) 2015/849 in the event of a disagreement concerning the coordination of supervisory activities under this Article on its own initiative. In such an event, EBA shall act in accordance with Article 19 of Regulation (EU) No 1093/2010.

6.   By 10 July 2026, EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, to further specify:

(a)

the common procedures and methodologies for the supervisory review and evaluation process referred to in this Article and for the assessment of the treatment of material risks;

(b)

the mechanisms for cooperation and information exchange between the authorities referred to in paragraph 5 of this Article, in particular in the context of identifying serious breaches of anti-money laundering or counter-terrorist financing rules;

(c)

the authority responsible for the supervision of anti-money laundering or counter-terrorist financing in the Member State in accordance with Directive (EU) 2015/849 in the context of the application of Article 27b(2), Article 48c(5) and Article 48d(3) of this Directive.

For the purposes of the first subparagraph, point (a), the procedures and methodologies referred to therein shall be laid down in a manner that is proportionate to the classification of the third-country branches as class 1 or class 2, and to other appropriate criteria such as the nature, scale and complexity of their activities.

Article 48o

Supervisory measures and powers

1.   Competent authorities shall require third-country branches to take the necessary measures at an early stage in order to:

(a)

ensure that the third-country branches comply with the requirements that apply to them under this Directive and under national law or to restore compliance with those requirements; and

(b)

ensure that the material risks that the third-country branches are exposed to are covered and managed in a sound and sufficient manner and that those branches remain viable.

2.   For the purposes of paragraph 1, competent authorities’ powers shall include, at least, the power to require third-country branches to:

(a)

hold an amount of capital endowment in excess of the minimum requirements laid down in Article 48e or to comply with other additional capital requirements; any additional capital endowment amount to be held by the third-country branch in accordance with this point shall comply with the requirements laid down in Article 48e;

(b)

meet other specific liquidity requirements in addition to the requirements laid down in Article 48f; any additional liquid assets to be held by the third-country branch in accordance with this point shall comply with the requirements laid down in Article 48f;

(c)

reinforce their governance, risk management or booking arrangements;

(d)

restrict or limit the scope of their business or of the activities they conduct, as well as the counterparties to those activities;

(e)

reduce the risk inherent in their activities, products and systems, including outsourced activities, and stop engaging in such activities or offering such products;

(f)

comply with additional reporting requirements in accordance with Article 48k(3) or increase the frequency of the regular reporting;

(g)

make public disclosures.

Article 48p

Cooperation between competent authorities and colleges of supervisors

1.   Competent authorities supervising third-country branches and subsidiary institutions of the same third-country group shall cooperate closely and share information with each other. The competent authorities shall have written coordination and cooperation arrangements in place in accordance with Article 115.

2.   For the purposes of paragraph 1 of this Article, class 1 third-country branches shall be subject to the comprehensive supervision of a college of supervisors in accordance with Article 116. For those purposes the following requirements shall apply:

(a)

where a college of supervisors has been established in relation to the subsidiary institutions of a third-country group, the class 1 third-country branches of the same group shall be included within the scope of that college of supervisors;

(b)

where the third-country group has class 1 third-country branches in more than one Member State but no subsidiary institutions in the Union subject to Article 116, a college of supervisors shall be established in relation to those class 1 third-country branches;

(c)

where the third-country group has class 1 third-country branches in more than one Member State or at least one class 1 third-country branch, and one or more subsidiary institutions in the Union that are not subject to Article 116, a college of supervisors shall be established in relation to those third-country branches and subsidiary institutions.

3.   For the purposes of paragraph 2, points (b) and (c), of this Article, Member States shall ensure that there is a lead competent authority that performs the same role as the consolidating supervisor in accordance with Article 116. The lead competent authority shall be that of the Member State with the largest third-country branch in terms of total value of booked assets.

4.   In addition to the tasks set out in Article 116, the college of supervisors shall:

(a)

prepare a report on the structure and activities of the third-country group in the Union and update that report on an annual basis;

(b)

exchange information on the results of the supervisory review and evaluation process referred to in Article 48n;

(c)

endeavour to align the application of the supervisory measures and powers referred to in Article 48o.

5.   The college of supervisors shall ensure appropriate coordination and cooperation with relevant third-country supervisory authorities, where appropriate.

6.   EBA shall contribute to promoting and monitoring the efficient, effective and consistent functioning of the colleges of supervisors referred to in this Article in accordance with Article 21 of Regulation (EU) No 1093/2010.

7.   EBA shall develop draft regulatory technical standards to specify:

(a)

the mechanisms of cooperation and the draft model arrangements between competent authorities for the purposes of paragraph 1; and

(b)

the conditions for the functioning of colleges of supervisors for the purposes of paragraphs 2 to 6.

EBA shall submit those draft regulatory technical standards to the Commission by 10 January 2026.

Power is delegated to the Commission to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.

Article 48q

Notification to EBA

Competent authorities shall notify EBA of the following:

(a)

all authorisations granted to third-country branches and any subsequent changes to such authorisations;

(b)

the total assets and liabilities booked by the authorised third-country branches, as periodically reported;

(c)

the name of the third-country group to which an authorised third-country branch belongs.

EBA shall publish on its website a list of all third-country branches authorised to operate in the Union in accordance with this Title, indicating the Member States in which they are authorised to operate.

CHAPTER 2

RELATIONS WITH THIRD COUNTRIES

Article 48r

Cooperation with supervisory authorities of third countries regarding supervision on a consolidated basis

1.   The Union may conclude agreements with one or more third countries regarding the means of exercising supervision on a consolidated basis over the following:

(a)

institutions the parent undertakings of which have their head offices in a third country;

(b)

institutions situated in third countries the parent undertakings of which, whether institutions, financial holding companies or mixed financial holding companies, have their head offices in the Union.

2.   The agreements referred to in paragraph 1 shall, in particular, seek to ensure that:

(a)

the competent authorities of Member States are able to obtain the information necessary for the supervision, on the basis of their consolidated financial situations, of institutions, financial holding companies and mixed financial holding companies situated in the Union which have as subsidiaries institutions or financial institutions situated in a third country, or holding participation therein;

(b)

the supervisory authorities of third countries are able to obtain the information necessary for the supervision of parent undertakings the head offices of which are situated within their territories and which have as subsidiaries institutions or financial institutions situated in one or more Member States or holding participation therein; and

(c)

EBA is able to obtain from the competent authorities of the Member States the information received from national authorities of third countries in accordance with Article 35 of Regulation (EU) No 1093/2010.

3.   Without prejudice to Article 218 TFEU, the Commission shall, with the assistance of the European Banking Committee, examine the outcome of the negotiations referred to in paragraph 1 of this Article and the resulting situation.

4.   EBA shall assist the Commission for the purposes of this Article in accordance with Article 33 of Regulation (EU) No 1093/2010.

(*11)  Commission Delegated Regulation (EU) 2015/61 of 10 October 2014 to supplement Regulation (EU) No 575/2013 of the European Parliament and the Council with regard to liquidity coverage requirement for Credit Institutions (OJ L 11, 17.1.2015, p. 1)."

(*12)  Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes (OJ L 173, 12.6.2014, p. 149)."

(*13)  Regulation (EC) No 1606/2002 of the European Parliament and of the Council of 19 July 2002 on the application of international accounting standards (OJ L 243, 11.9.2002, p. 1).’;"

(14)

in Article 53(1), the second subparagraph is replaced by the following:

‘Confidential information which such persons, auditors or experts receive in the course of their duties may be disclosed only in summary or aggregate form, such that individual credit institutions cannot be identified, without prejudice to cases covered by criminal or tax law.’

;

(15)

in Article 56, the following paragraph is added:

‘Article 53(1) and Article 54 shall not preclude the exchange of information between competent authorities and tax authorities in the same Member State, in accordance with national law. Where the information originates in another Member State, it shall only be exchanged as referred to in the first sentence of this paragraph with the express agreement of the competent authorities which have disclosed it.’

;

(16)

Articles 65 and 66 are replaced by the following:

‘Article 65

Administrative penalties, periodic penalty payments and other administrative measures

1.   Without prejudice to the supervisory powers of competent authorities referred to in Article 64 of this Directive and the right of Member States to provide for and impose criminal penalties, Member States shall lay down rules on administrative penalties, periodic penalty payments and other administrative measures in respect of breaches of national provisions transposing this Directive, of Regulation (EU) No 575/2013 and of decisions taken by a competent authority on the basis of those provisions or that Regulation, and shall take all measures necessary to ensure that they are implemented. The administrative penalties, periodic penalty payments and other administrative measures shall be effective, proportionate and dissuasive.

2.   Member States shall ensure that where the obligations referred to in paragraph 1 of this Article apply to institutions, financial holding companies and mixed financial holding companies, competent authorities may, in the event of a breach of national provisions transposing this Directive, of Regulation (EU) No 575/2013 or of decisions taken by a competent authority on the basis of those provisions or that Regulation, apply administrative penalties, periodic penalty payments and other administrative measures to members of the management body, senior management, key function holders, other members of staff whose professional activities have a material impact on the institution’s risk profile as referred to in Article 92(3) of this Directive and to other natural persons, provided they are responsible for the breach under national law.

3.   The application of periodic penalty payments shall not prevent competent authorities from imposing administrative penalties or other administrative measures for the same breach.

4.   Competent authorities shall have all the information gathering and investigatory powers necessary for the exercise of their functions. Those powers shall include:

(a)

the power to require the following natural or legal persons to provide all the information that is necessary in order for competent authorities to carry out their tasks, including the information required to be provided at recurring intervals and in specified formats for supervisory and related statistical purposes:

(i)

institutions established in the Member State concerned;

(ii)

financial holding companies established in the Member State concerned;

(iii)

mixed financial holding companies established in the Member State concerned;

(iv)

mixed-activity holding companies established in the Member State concerned;

(v)

persons belonging to the entities referred to in points (i) to (iv);

(vi)

third parties to whom the entities referred to in points (i) to (iv) of this point have outsourced functions or activities, including ICT third-party service providers referred to in Chapter V of Regulation (EU) 2022/2554 of the European Parliament and of the Council (*14);

(b)

the power to conduct all necessary investigations of any person referred to in points (a)(i) to (vi) established or located in the Member State concerned where necessary to carry out the tasks of the competent authorities, including the power to:

(i)

require the submission of documents;

(ii)

examine the books and records of the persons referred to in points (a)(i) to (vi) and take copies or extracts from such books and records;

(iii)

obtain written or oral explanations from any person referred to in points (a)(i) to (vi) or their representatives or staff;

(iv)

interview any other person who consents to be interviewed for the purpose of collecting information relating to the subject matter of an investigation; and

(v)

conduct, subject to other conditions set out in Union law, all necessary inspections at the business premises of the legal persons referred to in points (a)(i) to (vi) and any other undertaking included in consolidated supervision where a competent authority is the consolidating supervisor, subject to the prior notification of the competent authorities concerned; if an inspection requires authorisation by a judicial authority under national law, such authorisation shall be applied for.

5.   By way of derogation from paragraph 1, where the legal system of a Member State does not provide for administrative penalties, this Article may be applied in such a manner that the penalty is initiated by the competent authority and imposed by a judicial authority, while ensuring that those legal remedies are effective and have an equivalent effect to the administrative penalties imposed by competent authorities. In any event, the penalties imposed shall be effective, proportionate and dissuasive.

The Member States referred to in the first subparagraph shall communicate to the Commission the measures of national law which they adopt pursuant to this paragraph by 10 January 2026 and, without delay, any subsequent amendments thereto.

Article 66

Administrative penalties, periodic penalty payments and other administrative measures for breaches of authorisation requirements and requirements for acquisitions or divestiture of material holdings, material transfers of assets and liabilities, mergers or divisions

1.   Member States shall ensure that their laws, regulations and administrative provisions provide for administrative penalties, periodic penalty payments and other administrative measures at least where:

(a)

activities as a credit institution are commenced without obtaining prior authorisation in breach of Article 8 of this Directive;

(b)

at least one of the activities referred to in Article 4(1), point (1)(b), of Regulation (EU) No 575/2013 is carried out by an entity that meets the threshold indicated in that point and that is not authorised as a credit institution, except for entities requesting the waiver under Article 8a of this Directive;

(c)

the business of taking deposits or other repayable funds from the public is conducted without being authorised as a credit institution in breach of Article 9 of this Directive;

(d)

a qualifying holding in a credit institution is acquired, directly or indirectly, or further increased, directly or indirectly, such that the proportion of the voting rights or of the capital held would reach or exceed the thresholds referred to in Article 22(1) of this Directive or the credit institution would become the subsidiary of the acquirer, without notifying in writing the competent authorities of the credit institution in relation to which the acquirer seeks to acquire or increase the qualifying holding, during the assessment period, or against the opposition of the competent authorities, in breach of that Article;

(e)

a qualifying holding in a credit institution is disposed of, directly or indirectly, or reduced as a result of which the proportion of the voting rights or of the capital held would fall below the thresholds referred to in Article 25 of this Directive or the credit institution would cease to be a subsidiary of the legal person disposing of the qualifying holding, without notifying in writing the competent authorities, in breach of that Article;

(f)

a financial holding company or mixed financial holding company within the scope of Article 21a(1) of this Directive fails to apply for approval in breach of that Article or breaches any other requirement set out in that Article;

(g)

a proposed acquirer within the meaning of Article 27a(1) of this Directive fails to notify the relevant competent authority of a direct or indirect acquisition of a material holding, in breach of that Article;

(h)

any of the entities referred to in Article 27d of this Directive fails to notify the relevant competent authority of a direct or indirect disposal of a material holding that exceeds 15 % of the eligible capital of that entity;

(i)

any of the entities referred to in Article 27f(1) of this Directive executes a material transfer of assets and liabilities without notifying the competent authorities, in breach of that Article;

(j)

any of the entities referred to in Article 27i(1) of this Directive carries out a merger or division in breach of that Article.

2.   Member States shall ensure that in the cases referred to in paragraph 1, the measures that can be applied include at least the following:

(a)

administrative penalties:

(i)

in the case of a legal person, administrative pecuniary penalties of up to 10 % of the total annual net turnover of the undertaking;

(ii)

in the case of a natural person, administrative pecuniary penalties of up to EUR 5 million or, in the Member States whose currency is not the euro, the corresponding value in the national currency on 17 July 2013;

(iii)

administrative pecuniary penalties of up to twice the amount of the profits gained or losses avoided because of the breach, where those profits gained or losses avoided can be determined;

(b)

periodic penalty payments:

(i)

in the case of a legal person, periodic penalty payments of up to 5 % of the average daily net turnover, which, in the case of an ongoing breach, the legal person shall be obliged to pay per day of breach until compliance with an obligation is restored; the periodic penalty payment may be imposed for a period of up to six months from the date set out in the decision of the competent authority requiring the termination of a breach and imposing the periodic penalty payment;

(ii)

in the case of a natural person, periodic penalty payments of up to EUR 50 000 or, in the Member States whose currency is not the euro, the corresponding value in the national currency on 9 July 2024, which, in the case of an ongoing breach, the natural person shall be obliged to pay per day of breach, until compliance with an obligation is restored; the periodic penalty payment may be imposed for a period of up to six months from the date set out in the decision of the competent authority requiring the termination of a breach and imposing the periodic penalty payment;

(c)

other administrative measures:

(i)

a public statement which identifies the natural person, institution, financial holding company, mixed financial holding company or intermediate EU parent undertaking responsible and the nature of the breach;

(ii)

an order requiring the natural or legal person responsible to cease the conduct and to desist from a repetition of that conduct;

(iii)

suspension of the voting rights of the shareholder or shareholders held responsible for the breaches referred to in paragraph 1;

(iv)

subject to Article 65(2), a temporary ban against a member of the management body or any other natural person who is held responsible for the breach from exercising functions in institutions.

For the purposes of the first subparagraph, point (b), Member States may set a higher maximum amount for periodic penalty payments to be applied per day of breach.

By way of derogation from the first subparagraph, point (b), Member States may apply periodic penalty payments on a weekly or monthly basis. In that case, the maximum amount of periodic penalty payments to be applied for the relevant weekly or monthly period when a breach takes place shall not exceed the maximum amount of periodic penalty payments that would apply on a daily basis in accordance with that point for the relevant period.

Periodic penalty payments may be imposed on a given date and start applying at a later date.

3.   The total annual net turnover referred to in paragraph 2, point (a)(i), of this Article shall be the sum of the following items, determined in accordance with Annexes III and IV to Commission Implementing Regulation (EU) 2021/451 (*15):

(a)

interest income;

(b)

interest expenses;

(c)

expenses on share capital repayable on demand;

(d)

dividend income;

(e)

fee and commission income;

(f)

fee and commission expenses;

(g)

gains or losses on financial assets and liabilities held for trading, net;

(h)

gains or losses on financial assets and liabilities designated at fair value through profit or loss, net;

(i)

gains or losses from hedge accounting, net;

(j)

exchange differences (gain or loss), net;

(k)

other operating income;

(l)

other operating expenses.

For the purposes of this Article, the basis for the calculation shall be the most recent yearly supervisory financial information which produces an indicator above zero. Where the legal person referred to in paragraph 2 of this Article is not subject to Implementing Regulation (EU) 2021/451, the relevant total annual net turnover shall be the total annual net turnover or the corresponding type of income in accordance with the applicable accounting framework. Where the undertaking concerned is part of a group, the relevant total annual net turnover shall be the total annual net turnover resulting from the consolidated account of the ultimate parent undertaking.

4.   The average daily net turnover referred to in paragraph 2, point (b)(i), shall be the total annual net turnover referred to in paragraph 3 divided by 365.

(*14)  Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1)."

(*15)  Commission Implementing Regulation (EU) 2021/451 of 17 December 2020 laying down implementing technical standards for the application of Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to supervisory reporting of institutions and repealing Implementing Regulation (EU) No 680/2014 (OJ L 97, 19.3.2021, p. 1).’;"

(17)

Article 67 is amended as follows:

(a)

paragraph 1 is amended as follows:

(i)

point (d) is replaced by the following:

‘(d)

an institution fails to have in place governance arrangements and gender neutral remuneration policies required by the competent authorities in accordance with Article 74;’

;

(ii)

points (e), (f) and (i) are deleted;

(iii)

point (j) is replaced by the following:

‘(j)

an institution fails to maintain a net stable funding ratio in breach of Article 413 or 428b of Regulation (EU) No 575/2013 or repeatedly and persistently fails to hold liquid assets in breach of Article 412 of that Regulation;’

;

(iv)

points (k) and (l) are deleted;

(v)

the following points are added:

‘(r)

an institution fails to meet the own funds requirements laid down in Article 92(1) of Regulation (EU) No 575/2013;

(s)

an institution or a natural person repeatedly fails to comply with a decision imposed by the competent authority in accordance with national provisions transposing this Directive or in accordance with Regulation (EU) No 575/2013;

(t)

an institution fails to comply with the remuneration requirements laid down in Articles 92, 94 and 95 of this Directive;

(u)

an institution acts without the prior permission of the competent authority where national provisions transposing this Directive or Regulation (EU) No 575/2013 require the institution to obtain such prior permission or an institution obtained such permission through false statements or does not comply with the conditions under which such permission was granted;

(v)

an institution fails to meet the requirements in relation to the composition, conditions, adjustments and deductions related to own funds as laid down in Part Two of Regulation (EU) No 575/2013;

(w)

an institution fails to meet the requirements in relation to its large exposures to a client or a group of connected clients laid down in Part Four of Regulation (EU) No 575/2013;

(x)

an institution fails to meet the requirements in relation to the calculation of the leverage ratio, including the application of derogations laid down in Part Seven of Regulation (EU) No 575/2013;

(y)

an institution fails to report information or provides incomplete or inaccurate information to the competent authority in relation to the data referred to in Article 430(1) to (3) and in Article 430a of Regulation (EU) No 575/2013;

(z)

an institution fails to comply with the data collection and governance requirements laid down in Part Three, Title III, Chapter 2, of Regulation (EU) No 575/2013;

(aa)

an institution fails to meet the requirements in relation to the calculation of the risk-weighted exposure amounts or own funds requirements or fails to have in place the governance arrangements laid down in Part Three, Titles II to VI, of Regulation (EU) No 575/2013;

(ab)

an institution fails to meet the requirements in relation to the calculation of the liquidity coverage ratio or the net stable funding ratio as laid down in Part Six, Titles I and IV of Regulation (EU) No 575/2013 and in Delegated Regulation (EU) 2015/61.’

;

(b)

paragraph 2 is replaced by the following:

‘2.   Member States shall ensure that in the cases referred to in paragraph 1, the measures that can be applied include at least the following:

(a)

administrative penalties:

(i)

in the case of a legal person, administrative pecuniary penalties of up to 10 % of the total annual net turnover of the undertaking;

(ii)

in the case of a natural person, administrative pecuniary penalties of up to EUR 5 million or, in the Member States whose currency is not the euro, the corresponding value in the national currency on 17 July 2013;

(iii)

administrative pecuniary penalties of up to twice the amount of the profits gained or losses avoided because of the breach, where those profits gained or losses avoided can be determined;

(b)

periodic penalty payments:

(i)

in the case of a legal person, periodic penalty payments of up to 5 % of the average daily net turnover which, in the case of an ongoing breach, the legal person shall be obliged to pay per day of breach until compliance with an obligation is restored; the periodic penalty payment may be imposed for a period of up to six months from the date set out in the decision of the competent authority requiring the termination of a breach and imposing the periodic penalty payment;

(ii)

in the case of a natural person, periodic penalty payments of up to EUR 50 000 or, in the Member States whose currency is not the euro, the corresponding value in the national currency on 9 July 2024, which, in the case of an ongoing breach, the natural person shall be obliged to pay per day of breach, until compliance with an obligation is restored; the periodic penalty payment may be imposed for a period of up to six months from the date set out in the decision of the competent authority requiring the termination of a breach and imposing the periodic penalty payment;

(c)

other administrative measures:

(i)

a public statement which identifies the natural person, institution, financial holding company, mixed financial holding company or intermediate EU parent undertaking responsible and the nature of the breach;

(ii)

an order requiring the natural or legal person responsible to cease the conduct and to desist from a repetition of that conduct;

(iii)

in the case of an institution, withdrawal of the authorisation of the institution in accordance with Article 18;

(iv)

subject to Article 65(2), a temporary ban against a member of the management body or any other natural person who is held responsible for the breach from exercising functions in institutions.

For the purposes of the first subparagraph, point (b), Member States may set a higher maximum amount for periodic penalty payments to be applied per day of breach.

By way of derogation from the first subparagraph, point (b), Member States may apply periodic penalty payments on a weekly or monthly basis. In that case, the maximum amount of periodic penalty payments to be applied for the relevant weekly or monthly period when a breach takes place shall not exceed the maximum amount of periodic penalty payments that would apply on a daily basis in accordance with that point for the relevant period.

Periodic penalty payments may be imposed on a given date and start applying at a later date.’

;

(c)

the following paragraphs are added:

‘3.   The total annual net turnover referred to in paragraph 2, point (a)(i), of this Article shall be the sum of the following items, determined in accordance with Annexes III and IV to Implementing Regulation (EU) 2021/451:

(a)

interest income;

(b)

interest expenses;

(c)

expenses on share capital repayable on demand;

(d)

dividend income;

(e)

fee and commission income;

(f)

fee and commission expenses;

(g)

gains or losses on financial assets and liabilities held for trading, net;

(h)

gains or losses on financial assets and liabilities designated at fair value through profit or loss, net;

(i)

gains or losses from hedge accounting, net;

(j)

exchange differences (gain or loss), net;

(k)

other operating income;

(l)

other operating expenses.

For the purposes of this Article, the basis for the calculation shall be the most recent yearly supervisory financial information which produces an indicator above zero. Where the legal person referred to in paragraph 2 of this Article is not subject to Implementing Regulation (EU) 2021/451, the relevant total annual net turnover shall be the total annual net turnover or the corresponding type of income in accordance with the applicable accounting framework. Where the undertaking concerned is part of a group, the relevant total annual net turnover shall be the total annual net turnover resulting from the consolidated account of the ultimate parent undertaking.

4.   The average daily net turnover referred to in paragraph 2, point (b)(i), shall be the total annual net turnover referred to in paragraph 3 divided by 365.’

;

(18)

Article 70 is replaced by the following:

‘Article 70

Effective application of administrative penalties and other administrative measures, and exercise of powers to impose penalties by competent authorities

1.   Member States shall ensure that, when determining the type and level of administrative penalties or other administrative measures, the competent authorities shall take into account all relevant circumstances, including, where appropriate:

(a)

the gravity and the duration of the breach;

(b)

the degree of responsibility of the natural or legal person responsible for the breach;

(c)

the financial strength of the natural or legal person responsible for the breach, as indicated, inter alia, by the total turnover of a legal person or the annual income of a natural person;

(d)

the importance of profits gained or losses avoided by the natural or legal person responsible for the breach, insofar as they can be determined;

(e)

the losses for third parties caused by the breach, insofar as they can be determined;

(f)

the level of cooperation of the natural or legal person responsible for the breach with the competent authority;

(g)

previous breaches by the natural or legal person responsible for the breach;

(h)

any potential systemic consequences of the breach;

(i)

criminal penalties previously imposed for the same breach on the natural or legal person responsible for that breach.

2.   In the exercise of their powers to impose administrative penalties and other administrative measures, competent authorities shall cooperate closely to ensure that those penalties and measures produce the results aimed at by this Directive. They shall also coordinate their actions to prevent accumulation and overlap when applying administrative penalties and other administrative measures to cross-border cases.

3.   Competent authorities may apply penalties in relation to the same natural or legal person responsible for the same act or omission in the case of an accumulation of administrative and criminal proceedings related to the same breach. However, such accumulation of proceedings and penalties shall be strictly necessary and proportionate to pursue different and complementary objectives of general interest.

4.   Member States shall have in place appropriate mechanisms ensuring that competent authorities and judicial authorities are duly informed, in a timely manner, where administrative proceedings and criminal proceedings are initiated against the same natural or legal person that may be held responsible for the same conduct in both proceedings.

5.   By 18 July 2029, EBA shall submit a report to the Commission on the cooperation between competent authorities in the context of the application of administrative penalties, periodic penalty payments and other administrative measures. In addition, EBA shall assess any divergences in the application of administrative penalties between competent authorities in that respect. In particular, EBA shall assess:

(a)

the level of cooperation between competent authorities in the context of penalties applicable to cross-border cases or in the case of accumulation of administrative and criminal proceedings;

(b)

the exchange of information between competent authorities when dealing with cross-border cases;

(c)

best practices developed by any competent authority which might be of benefit for other competent authorities to adopt in the area of administrative penalties, periodic penalty payments and other administrative measures;

(d)

the effectiveness and the degree of convergence reached with regard to the enforcement of national provisions transposing this Directive and Regulation (EU) No 575/2013, including the administrative penalties, periodic penalty payments and other administrative measures imposed on natural or legal persons identified as responsible for the breach under national law.’

;

(19)

in Article 73, the first paragraph is replaced by the following:

‘Institutions shall have in place sound, effective and comprehensive strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that they consider adequate to cover the nature and level of the risks to which they are or might be exposed. Institutions shall explicitly take into account the short, medium and long term for the coverage of ESG risks.’

;

(20)

in Article 74, paragraph 1 is replaced by the following:

‘1.   Institutions shall have robust governance arrangements, which include:

(a)

a clear organisational structure with well-defined, transparent and consistent lines of responsibility;

(b)

effective processes to identify, manage, monitor and report the risks they are or might be exposed to, including ESG risks in the short, medium and long term;

(c)

adequate internal control mechanisms, including sound administration and accounting procedures;

(d)

network and information systems that are set up and managed in accordance with Regulation (EU) 2022/2554;

(e)

remuneration policies and practices that are consistent with and promote sound and effective risk management, including by taking into account the institutions’ risk appetite in terms of ESG risks.

The remuneration policies and practices referred to in the first subparagraph, point (e), shall be gender neutral.’

;

(21)

Article 76 is amended as follows:

(a)

paragraph 1 is replaced by the following:

‘1.   Member States shall ensure that the management body approves and at least every two years reviews the strategies and policies for taking up, managing, monitoring and mitigating the risks the institution is or might be exposed to, including those posed by the macroeconomic environment in which it operates in relation to the status of the business cycle, and those resulting from the current and short-, medium- and long-term impacts of environmental, social and governance (ESG) factors.

Member States may, taking into consideration the principle of proportionality, allow the management bodies of small and non-complex institutions to review the strategies and policies referred to in the first subparagraph every two years.’

;

(b)

in paragraph 2, the following subparagraphs are added:

‘Member States shall ensure that the management body develops and monitors the implementation of specific plans that include quantifiable targets and processes to monitor and address the financial risks arising in the short, medium and long term from ESG factors, including those arising from the process of adjustment and from transition trends in the context of the relevant Union and Member State regulatory objectives and legal acts in relation to ESG factors, in particular the objective to achieve climate neutrality, as well as, where relevant for internationally active institutions, third-country legal and regulatory objectives.

The quantifiable targets and processes to address the ESG risks included in the plans referred to in the second subparagraph of this paragraph shall consider the latest reports and measures prescribed by the European Scientific Advisory Board on Climate Change, in particular in relation to the achievement of the climate targets of the Union. Where the institution discloses information on ESG matters in accordance with Directive 2013/34/EU of the European Parliament and of the Council (*16), the plans referred to in the second subparagraph of this paragraph shall be consistent with the plans referred to in Article 19a or 29a of that Directive and shall, in particular, include actions with regard to the business model and strategy of the institution that are consistent across both plans.

Member States shall ensure a proportionate application of the second and third subparagraphs for the management bodies of small and non-complex institutions, indicating in what areas a waiver or a simplified procedure may be applied.

(*16)  Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182, 29.6.2013, p. 19).’;"

(c)

in paragraph 4, the second subparagraph is replaced by the following:

‘The management body in its supervisory function and, where one has been established, the risk committee shall determine the nature, the amount, the format, and the frequency of the information on risk which it is to receive. In order to assist in the establishment of sound remuneration policies and practices, the risk committee shall, without prejudice to the tasks of the remuneration committee, examine whether incentives provided by the remuneration system take into consideration risks, including those resulting from the impacts of ESG factors, capital, liquidity and the likelihood and timing of earnings.’

;

(d)

paragraph 5 is replaced by the following:

‘5.   Member States shall, in accordance with the proportionality requirement laid down in Article 7(2) of Commission Directive 2006/73/EC (*17), ensure that institutions have internal control functions independent of the operational functions and which shall have sufficient authority, stature, resources and access to the management body.

Member States shall ensure that:

(a)

the internal control functions ensure that all material risks are properly identified, measured and reported;

(b)

the internal control functions provide a comprehensive view of the whole range of risks that the institution is exposed to;

(c)

the risk management function is actively involved in elaborating the institution’s risk strategy and in all its material risk management decisions and has control over the effective implementation of the risk strategy;

(d)

the internal audit function performs an independent review of the effective implementation of the institution’s risk strategy;

(e)

the compliance function assesses and mitigates compliance risk and ensures that the institution’s risk strategy takes into account compliance risk and that compliance risk is adequately taken into account in all material risk management decisions.

(*17)  Commission Directive 2006/73/EC of 10 August 2006 implementing Directive 2004/39/EC of the European Parliament and of the Council as regards organisational requirements and operating conditions for investment firms and defined terms for the purposes of that Directive (OJ L 241, 2.9.2006, p. 26).’;"

(e)

the following paragraph is added:

‘6.   Member States shall ensure that the internal control functions have direct access and can report directly to the management body in its supervisory function.

To that end, the internal control functions shall be independent of the members of the management body in its management function and of senior management, and shall in particular be able to raise concerns and warn the management body in its supervisory function, where appropriate, or where specific risk developments affect or can affect the institution, without prejudice to the responsibilities of the management body pursuant to this Directive and Regulation (EU) No 575/2013.

The heads of internal control functions shall be independent senior managers with distinct responsibility for the risk management, compliance and internal audit functions. Where the nature, scale and complexity of the activities of the institution do not justify appointing a specific person for the risk management function or the compliance function, another senior person that performs other tasks within the institution may fulfil the responsibilities for the compliance or risk management functions, provided that there is no conflict of interest and that the person responsible for the risk management function and the compliance function:

(a)

fulfils the suitability criteria and requirements of knowledge, skills and experience necessary for the different areas concerned; and

(b)

has sufficient time to perform both control functions correctly.

The internal audit function shall not be combined with any other business line or control function of the institution.

The heads of the internal control functions shall not be removed without prior approval of the management body in its supervisory function.’

;

(22)

Article 77 is amended as follows:

(a)

paragraph 3 is replaced by the following:

‘3.   Competent authorities shall encourage institutions, taking into account their size, internal organisation and the nature, scale and complexity of their activities, to develop internal market risk assessment capacity and to increase the use of internal models for calculating own funds requirements for portfolios of trading book positions, together with internal models to calculate own funds requirements for default risk where their exposures to default risk are material in absolute terms and where they have a large number of material positions in traded debt or equity instruments of different issuers.

This Article is without prejudice to the fulfilment of the criteria laid down in Part Three, Title IV, Chapter 1b, of Regulation (EU) No 575/2013.’

;

(b)

in paragraph 4, the first subparagraph is replaced by the following:

‘EBA shall develop draft regulatory technical standards to define the concept of “exposures to default risk which are material in absolute terms” referred to in paragraph 3, first subparagraph, and the thresholds for large numbers of material counterparties and positions in traded debt or equity instruments of different issuers.’

;

(23)

Article 78 is amended as follows:

(a)

the title is replaced by the following:

‘Supervisory benchmarking of approaches for calculating own funds requirements’

;

(b)

paragraph 1 is replaced by the following:

‘1.   Competent authorities shall ensure all of the following:

(a)

that institutions permitted to use internal approaches for the calculation of risk-weighted exposure amounts or own funds requirements report the results of their calculations for their exposures or positions that are included in the benchmark portfolios;

(b)

that institutions using the alternative standardised approach set out in Part Three, Title IV, Chapter 1a, of Regulation (EU) No 575/2013 report the results of their calculations for their exposures or positions that are included in the benchmark portfolios, provided that the size of the institutions’ on- and off-balance-sheet business that is subject to market risk is equal to or greater than EUR 500 million in accordance with Article 325a(1), point (b), of that Regulation;

(c)

that institutions permitted to use internal approaches under Part Three, Title II, Chapter 3, of Regulation (EU) No 575/2013, as well as relevant institutions that apply the standardised approach under Part Three, Title II, Chapter 2, of that Regulation, report the results of the calculations of the approaches used for the purpose of determining the amount of expected credit losses for their exposures or positions that are included in the benchmark portfolios, where any of the following conditions is met:

(i)

institutions prepare their accounts in conformity with international accounting standards as applied in accordance with Regulation (EC) No 1606/2002;

(ii)

institutions undertake the valuation of assets and off-balance-sheet items and the determination of their own funds in conformity with international accounting standards pursuant to Article 24(2) of Regulation (EU) No 575/2013;

(iii)

institutions undertake the valuation of assets and off-balance-sheet items in conformity with accounting standards under Council Directive 86/635/EEC (*18) and use an expected credit loss model that is the same as the one used in international accounting standards as applied in accordance with Regulation (EC) No 1606/2002.

Institutions shall submit the results of the calculations referred to in the first subparagraph together with an explanation of the methodologies used to produce them and any qualitative information, as requested by EBA, that can explain the impact of those calculations on own funds requirements. Those results shall be submitted at least annually to the competent authorities. EBA may conduct a supervisory benchmarking exercise every two years for each approach referred to in the first subparagraph after that exercise has run five times for each single approach.

(*18)  Council Directive 86/635/EEC of 8 December 1986 on the annual accounts and consolidated accounts of banks and other financial institutions (OJ L 372, 31.12.1986, p. 1).’;"

(c)

paragraph 3 is amended as follows:

(i)

the introductory wording is replaced by the following:

‘Competent authorities shall, on the basis of the information submitted by institutions in accordance with paragraph 1, monitor the range of risk-weighted exposure amounts or own funds requirements, as applicable, for the exposures or transactions in the benchmark portfolio resulting from the approaches of those institutions. Competent authorities shall make an assessment of the quality of those approaches with at least the same frequency as the EBA exercise referred to in paragraph 1, second subparagraph, paying particular attention to:’

;

(ii)

point (b) is replaced by the following:

‘(b)

approaches where there is particularly high or low variability, and also where there is a significant and systematic under-estimation of own funds requirements.’

;

(iii)

the second subparagraph is replaced by the following:

‘EBA shall produce a report to assist the competent authorities in the assessment of the quality of the approaches based on the information referred to in paragraph 2.’

;

(d)

in paragraph 5, the introductory wording is replaced by the following:

‘The competent authorities shall ensure that their decisions on the appropriateness of corrective actions, as referred to in paragraph 4, comply with the principle that such actions must maintain the objectives of the approaches within the scope of this Article and therefore do not:’

;

(e)

paragraph 6 is replaced by the following:

‘6.   EBA may issue guidelines and recommendations in accordance with Article 16 of Regulation (EU) No 1093/2010 where it considers them necessary on the basis of the information and assessments referred to in paragraphs 2 and 3 of this Article in order to improve supervisory practices or practices of institutions with regard to the approaches within the scope of the supervisory benchmarking.’

;

(f)

paragraph 8 is amended as follows:

(i)

in the first subparagraph, the following point is added:

‘(c)

the list of relevant institutions referred to in paragraph 1, point (c).’

;

(ii)

the following subparagraph is inserted after the first subparagraph:

‘For the purposes of point (c), when determining the list of relevant institutions, EBA shall take into account proportionality considerations.’

;

(24)

in Article 79, the following point is added:

‘(e)

institutions conduct an ex ante assessment of any crypto-asset exposure they intend to take on and of the adequacy of existing processes and procedures to manage counterparty risk, and report on those assessments to their competent authority.’

;

(25)

Article 81 is replaced by the following:

‘Article 81

Concentration risk

Competent authorities shall ensure that the concentration risk arising from exposures to each counterparty, including central counterparties, groups of connected counterparties, and counterparties in the same economic sector, geographic region or from the same activity or commodity, the application of credit risk mitigation techniques, and including in particular risks associated with large indirect credit exposures, such as a single collateral issuer, is addressed and controlled, including by means of written policies and procedures. For crypto-assets without an identifiable issuer, the concentration risk shall be considered in terms of exposure to the crypto-assets with similar features.’

;

(26)

in Article 83, the following paragraph is added:

‘4.   Competent authorities shall ensure that institutions conduct an ex ante assessment of any crypto-asset exposure they intend to take on and of the adequacy of existing processes and procedures to manage market risk, and report on those assessments to their competent authority.’

;

(27)

in Article 85, paragraph 1 is replaced by the following:

‘1.   Competent authorities shall ensure that institutions implement policies and processes to evaluate and manage exposures to operational risk, including risks arising from outsourcing arrangements and direct and indirect crypto-asset exposures and exposures to crypto-asset service providers, and to cover low-frequency high-severity events. Institutions shall articulate what constitutes operational risk for the purposes of those policies and procedures.’

;

(28)

the following article is inserted:

‘Article 87a

Environmental, social and governance risks

1.   Competent authorities shall ensure that institutions have, as part of their governance arrangements, including the risk management framework required under Article 74(1), robust strategies, policies, processes and systems for the identification, measurement, management and monitoring of ESG risks over the short, medium and long term.

2.   The strategies, policies, processes and systems referred to in paragraph 1 shall be proportionate to the scale, nature and complexity of the ESG risks of the business model and scope of the institution’s activities, and consider the short and medium term, and a long-term time horizon of at least 10 years.

3.   Competent authorities shall ensure that institutions test their resilience to long-term negative impacts of ESG factors, both under baseline and adverse scenarios within a given timeframe, starting with climate-related factors. For such resilience testing, competent authorities shall ensure that institutions include a number of ESG scenarios reflecting potential impacts of environmental and social changes and associated public policies on the long-term business environment. Competent authorities shall ensure that in the resilience testing process, institutions use credible scenarios, based on the scenarios elaborated by international organisations.

4.   Competent authorities shall assess and monitor the development of institutions’ practices concerning their ESG strategies and risk management, including the plans that include quantifiable targets and processes to monitor and address the ESG risks arising in the short, medium and long term, to be prepared in accordance with Article 76(2). That assessment shall take into account the institutions’ sustainability-related product offerings, their transition finance policies, related loan origination policies, and ESG-related targets and limits. Competent authorities shall assess the robustness of those plans as part of the supervisory review and evaluation process.

Where relevant, for the assessment referred to in the first subparagraph, competent authorities may cooperate with authorities or public bodies in charge of climate change and environmental supervision.

5.   By 10 January 2026, EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, to specify:

(a)

the minimum standards and reference methodologies for the identification, measurement, management and monitoring of ESG risks;

(b)

the content of plans to be prepared in accordance with Article 76(2), which shall include specific timelines and intermediate quantifiable targets and milestones, in order to monitor and address the financial risks arising from ESG factors, including those arising from the process of adjustment and from transition trends in the context of the relevant Union and Member States regulatory objectives and legal acts in relation to ESG factors, in particular the objective to achieve climate neutrality, as well as, where relevant for internationally active institutions, third-country legal and regulatory objectives;

(c)

qualitative and quantitative criteria for assessing the impact of ESG risks on the risk profile and solvency of institutions in the short, medium and long term;

(d)

criteria for setting the scenarios referred to in paragraph 3, including the parameters and assumptions to be used in each of the scenarios, specific risks and time horizons.

Where relevant, the methodologies and assumptions sustaining the targets, the commitments and strategic decisions disclosed by the content of the plans referred to in Article 19a or 29a of Directive 2013/34/EU, or other relevant disclosure and due diligence frameworks, shall be consistent with the criteria, methodologies and the targets as referred to in the first subparagraph of this paragraph, and also with the assumptions and commitments included in those plans.

EBA shall update the guidelines referred to in the first subparagraph on a regular basis, to reflect the progress made in measuring and managing ESG risks as well as the development of the Union regulatory objectives on sustainability.’

;

(29)

Article 88 is amended as follows:

(a)

in paragraph 1, second subparagraph, point (e) is replaced by the following:

‘(e)

the Chair of the management body in its supervisory function of an institution shall not exercise simultaneously the functions of a chief executive officer within the same institution.’

;

(b)

the following paragraph is added:

‘3.   Without prejudice to the overall collective responsibility of the management body, Member States shall ensure that institutions draw up, maintain and update individual statements setting out the roles and duties of all members of the management body in its management function, of senior management and of key function holders and a mapping of duties, including details of the reporting lines, of the lines of responsibility, and of the persons who are part of the governance arrangements as referred to in Article 74(1) and of their duties.

Member States shall ensure that the individual statements of duties and the mapping of duties are made available at all times and communicated, including to obtain authorisation as set out in Article 8, in due time, upon request, to the competent authorities.’

;

(30)

Article 91 is replaced by the following:

‘Article 91

Management body and suitability assessment

1.   Institutions, and financial holding companies and mixed financial holding companies that have been granted approval in accordance with Article 21a(1) (“the entities”), shall have the primary responsibility for ensuring that members of the management body are at all times of sufficiently good repute, act with honesty, integrity and independence of mind and possess sufficient knowledge, skills and experience to perform their duties and fulfil the criteria and requirements set out in paragraphs 2 to 6 of this Article, except as regards temporary administrators appointed by competent authorities under Article 29(1) of Directive 2014/59/EU and special managers appointed by resolution authorities under Article 35(1) of that Directive. The absence of a criminal conviction or of ongoing prosecutions for a criminal offence shall not in itself be sufficient to fulfil the requirement to be of good repute and act with honesty and integrity.

1a.   The entities shall ensure that members of the management body fulfil at all times the criteria and requirements set out in paragraphs 2 to 6 and shall assess the suitability of members of the management body taking into account supervisory expectations, before they take up their position and periodically, as laid down in applicable laws and regulations, guidelines and internal suitability policies.

However, where the majority of the members of the management body is to be replaced at the same time by newly appointed members and the application of the first subparagraph would lead to a situation where the suitability assessment of the incoming members would be carried out by the outgoing members, Member States may allow the assessment to take place after the newly appointed members have taken up their position. When submitting the application to the competent authority, in accordance with paragraph 1f, the entity shall also confirm the existence of those conditions.

1b.   Where the entities conclude, based on the internal suitability assessment referred to in paragraph 1a, that the member or the prospective member concerned does not fulfil the criteria and requirements set out in paragraph 1, the entities shall:

(a)

ensure that the prospective member concerned does not take up the position under consideration where that assessment is completed before the prospective member takes up that position;

(b)

remove such a member from the management body, in a timely manner; or

(c)

take the additional measures, in a timely manner, necessary to ensure that such a member is or becomes suitable for the position concerned.

1c.   The entities shall ensure that information about the suitability of the members of the management body remains up-to-date. The entities shall, upon request, provide that information to the competent authority through means determined by the competent authority.

1d.   Member States shall at least ensure that for the following entities, the competent authority receives a suitability application without undue delay, and as soon as there is a clear intention to appoint a member of the management body in its management function or the chair of the management body in its supervisory function, and, in any event, at the latest 30 working days before the prospective members take up their position:

(a)

EU parent institutions that qualify as large institutions;

(b)

parent institutions in a Member State that qualify as large institutions, except where they are affiliated to a central body;

(c)

central bodies that qualify as large institutions or that supervise large institutions affiliated to them;

(d)

stand-alone institutions in the Union that qualify as large institutions;

(e)

large subsidiaries, as defined in Article 4(1), point (147), of Regulation (EU) No 575/2013;

(f)

parent financial holding companies in a Member State, parent mixed financial holding companies in a Member State, EU parent financial holding companies and EU parent mixed financial holding companies, having large institutions within their group, except those falling under Article 21a(4) of this Directive.

1e.   The suitability application referred to in paragraph 1d shall be accompanied by:

(a)

a suitability questionnaire and a curriculum vitae;

(b)

the internal suitability assessment referred to in paragraph 1a, unless the second subparagraph of that paragraph applies;

(c)

criminal records, as soon as they become available;

(d)

any other documents required under national law, as soon as they become available;

(e)

any other documents listed by the competent authority, as soon as they become available; and

(f)

an indication of the date of appointment and the date on which the duties will be effectively taken up.

The entities shall provide the suitability application and the accompanying documents to the competent authority through means determined by the competent authority.

Where a competent authority does not have sufficient information to conduct the suitability assessment based on the items listed in the first subparagraph of this paragraph, it may require that the prospective member does not take up the position before the required information has been provided, unless the competent authority is satisfied that it is not possible for such information to be provided.

Where the competent authority has concerns as to whether the prospective member fulfils the criteria and requirements set out in paragraphs 2 to 6 of this Article, it shall engage in an enhanced dialogue with the institution to address the identified concerns with a view to ensuring that the prospective member is or becomes suitable when taking up the position.

EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, to specify how the enhanced dialogue to address suitability concerns is to be carried out.

1f.   Member States shall ensure that competent authorities assess whether the members of the management body fulfil at all times the criteria and requirements set out in paragraphs 2 to 6. The entities shall provide the suitability application and other information necessary for assessing the suitability of members of their management body to the competent authority through means determined by the competent authority.

Competent authorities may request additional information or documentation, including interviews or hearings.

1g.   The competent authorities shall, in particular, verify whether the criteria and requirements set out in paragraphs 2 to 6 of this Article are still fulfilled where there are reasonable grounds to suspect that money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849 is being or has been committed or attempted, or that there is an increased risk thereof, in connection with the entity.

1h.   Where members of the management body do not at all times fulfil the criteria and requirements set out in paragraphs 2 to 6, Member States shall ensure that competent authorities have the necessary powers to:

(a)

in the case of ex ante assessment, prevent such members from being part of, or remove them from, the management body;

(b)

in the case of ex post assessment, remove such members from the management body; or

(c)

require the entities concerned to take additional measures necessary to ensure that such members are or become suitable for the position concerned.

As soon as any new facts or other circumstances that could affect the suitability of the members of the management body become known, the entities shall reassess the suitability of those members and shall inform without undue delay the competent authority thereof.

Where the competent authority becomes aware that the relevant information concerning the suitability of the members of the management body has changed and such change could affect the suitability of the members concerned, the competent authority shall reassess their suitability.

Competent authorities shall not be required to reassess the suitability of the members of the management body when their mandate is renewed unless relevant information that is known to competent authorities has changed and such change could affect the suitability of the member concerned.

1i.   Competent authorities may request the authority responsible for the supervision of anti-money laundering or counter-terrorist financing in accordance with Directive (EU) 2015/849 to consult, in the context of their verifications, and on a risk-sensitive basis, the relevant information concerning the members of the management body. Competent authorities may also request access to the central AML/CFT database referred to in Regulation (EU) 2024/1620 of the European Parliament and of the Council (*19). The Authority for Anti-Money Laundering and Countering the Financing of Terrorism established by that Regulation (the “Authority for Anti-Money Laundering and Countering the Financing of Terrorism”) shall decide whether to grant such access.

1j.   At least with respect to the appointment of members of the management body for a position in the entities referred to in paragraph 1d, competent authorities shall duly consider setting a maximum period for concluding the suitability assessment. That maximum period may be extended, where appropriate.

2.   Each member of the management body shall commit sufficient time to performing that member’s functions in the entities.

2a.   Each member of the management body shall be of good repute, act with honesty, integrity and independence of mind to effectively assess and challenge the decisions of the management body where necessary and to effectively oversee and monitor management decision-making. Being a member of the management body of a credit institution permanently affiliated to a central body shall not in itself constitute an obstacle for acting with independence of mind.

2b.   The management body shall possess adequate collective knowledge, skills and experience to be able to understand the entity’s activities, as well as the associated risks it is exposed to, and the impacts it creates in the short, medium and long term, taking into account ESG factors. The overall composition of the management body shall be sufficiently diversified to reflect an adequately broad range of experience.

3.   The number of directorships which a member of the management body may hold simultaneously shall take into account individual circumstances and the nature, scale and complexity of the entity’s activities. Unless where members of the management body represent the interests of a Member State, members of the management body of an entity that is significant in terms of its size, internal organisation and the nature, scope and complexity of its activities shall, from 1 July 2014, not hold more than one of the following combinations of directorships simultaneously:

(a)

one executive directorship with two non-executive directorships;

(b)

four non-executive directorships.

4.   For the purposes of paragraph 3, the following shall count as a single directorship:

(a)

executive or non-executive directorships held within the same group;

(b)

executive or non-executive directorships held within either of the following:

(i)

entities which are members of the same institutional protection scheme provided that the conditions set out in Article 113(7) of Regulation (EU) No 575/2013 are fulfilled or entities where the same institutional protection scheme holds a qualifying holding;

(ii)

undertakings, including non-financial entities, in which the entity holds a qualifying holding.

For the purposes of the first subparagraph, point (a), of this paragraph, a group shall mean a group of undertakings that are related to each other as described in Article 22 of Directive 2013/34/EU or a group of undertakings that are subsidiaries of the same financial holding company or mixed financial holding company.

5.   Directorships in organisations which do not pursue predominantly commercial objectives shall not count for the purposes of paragraph 3.

6.   Competent authorities may authorise members of the management body to hold one additional non-executive directorship.

7.   Entities shall devote adequate human and financial resources to the induction and training of members of the management body, including on ESG risks and impacts and on ICT risk as defined in Article 4(1), point (52c), of Regulation (EU) No 575/2013.

8.   Member States or competent authorities shall require entities and their respective nomination committees, where established, to engage a broad set of qualities and competences when recruiting members and to proportionally promote diversity and gender balance in the management body. For that purpose, entities shall put in place a policy promoting diversity in the management body.

9.   Competent authorities shall collect the information disclosed in accordance with Article 435(2), point (c), of Regulation (EU) No 575/2013 and shall use that information to benchmark diversity practices. Competent authorities shall provide EBA with that information. EBA shall use that information to benchmark diversity practices at Union level.

10.   For the purposes of this Article and Article 91a, EBA shall develop draft regulatory technical standards for the entities listed in paragraph 1d of this Article to further specify the minimum content of the suitability questionnaire, curricula vitae and the internal suitability assessment to be submitted to the competent authorities for conducting the suitability assessment referred to in paragraph 1f of this Article and in Article 91a(5).

Member States shall ensure that appropriate standards are developed for entities other than those referred to in paragraph 1d of this Article.

EBA shall submit the draft regulatory technical standards referred to in the first subparagraph to the Commission by 10 July 2026.

Power is delegated to the Commission to supplement this Directive by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Article 10 to 14 of Regulation (EU) No 1093/2010.

11.   By 10 July 2026, EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, on the following:

(a)

the notion of a sufficient time commitment of a member of the management body to perform his or her functions, by reference to the individual circumstances and the nature, scale and complexity of the activities of the entity;

(b)

the notions of good repute, honesty, integrity and independence of mind of a member of the management body as referred to in paragraph 2a;

(c)

the notion of adequate collective knowledge, skills and experience of the management body as referred to in paragraph 2b;

(d)

the notion of adequate human and financial resources devoted to the induction and training of members of the management body as referred to in paragraph 7;

(e)

the notion of diversity to be taken into account for the selection of members of the management body as referred to in paragraph 8;

(f)

the criteria to determine whether there are reasonable grounds to suspect that money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849 is being or has been committed or attempted, or that there is an increased risk thereof, in connection with the entity.

For the purposes of the first subparagraph, point (f), EBA shall closely cooperate with ESMA and with the Authority for Anti-Money Laundering and Countering the Financing of Terrorism.

12.   By 31 December 2029, EBA, in close cooperation with the ECB, shall review and report on the application of paragraphs 1d to 1j and on their effectiveness in ensuring that the “fit-and-proper” framework is fit for purpose, taking into account the principle of proportionality. EBA shall submit that report to the European Parliament and to the Council. On the basis of that report, the Commission shall submit a legislative proposal, if appropriate.

13.   This Article and Article 91a shall be without prejudice to provisions of the Member States on the representation of employees in the management body.

14.   This Article and Article 91a shall be without prejudice to provisions of the Member States on the appointment of members of the management body in its supervisory function by regional or local elected bodies or on appointments where the management body does not have any competence in the process of selecting and appointing its members. In those cases, appropriate safeguards shall be put in place to ensure the suitability of those members of the management body.

(*19)  Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj).’;"

(31)

the following article is inserted:

‘Article 91a

Key function holders and suitability assessment

1.   The entities referred to in Article 91(1) shall have the primary responsibility for ensuring that key function holders are at all times of sufficiently good repute, act with honesty and integrity and possess sufficient knowledge, skills and experience necessary to perform their duties. The absence of a criminal conviction or of ongoing prosecutions for a criminal offence shall not in itself be sufficient to fulfil the requirement to be of good repute and act with honesty and integrity.

2.   The entities shall ensure that key function holders fulfil at all times the criteria and requirements set out in paragraph 1 and shall assess the suitability of key function holders before they take up their position and periodically, taking into account supervisory expectations, as laid down in applicable laws and regulations, guidelines and internal suitability policies.

3.   Where the entities conclude, based on the internal suitability assessment referred to in paragraph 2, that a person does not fulfil the criteria and requirements set out in paragraph 1, the entities shall:

(a)

not appoint that person as a key function holder, where that assessment is completed before the person takes up the position;

(b)

remove that person as a key function holder, in a timely manner; or

(c)

take the additional measures, in a timely manner, necessary to ensure that such a person is or becomes suitable for the position concerned.

The entities shall take all measures necessary to ensure the appropriate functioning of the position of a key function holder, including replacing the key function holder if that person ceases to meet the suitability criteria and requirements.

4.   The entities shall ensure that information about the suitability of the key function holders remains up-to-date. The entities shall, upon request, provide that information to the competent authority through means determined by the competent authority.

5.   Member States shall ensure that competent authorities assess that the heads of internal control functions and the chief financial officer fulfil at all times the criteria and requirements set out in paragraph 1 where those heads or the officer are appointed for roles at least in the following entities:

(a)

EU parent institutions that qualify as large institutions;

(b)

parent institutions in a Member State that qualify as large institutions; except where they are affiliated to a central body;

(c)

central bodies that qualify as large institutions or that supervise large institutions affiliated to them;

(d)

stand-alone institutions in the Union that qualify as large institutions;

(e)

large subsidiaries, as defined in Article 4(1), point (147), of Regulation (EU) No 575/2013;

(f)

parent financial holding companies in a Member State, parent mixed financial holding companies in a Member State, EU parent financial holding companies and EU parent mixed financial holding companies, having large institutions within their group, except those falling under Article 21a(4) of this Directive.

6.   Where the heads of internal control functions and the chief financial officer do not fulfil at all times the criteria and requirements set out in paragraph 1, Member States shall ensure that competent authorities have the necessary powers to:

(a)

in the case of ex ante assessment, prevent such heads or officer from taking up the position or remove them from the position;

(b)

in the case of ex post assessment, remove such heads or officer, or require the entity to remove them from the position;

(c)

require the entities concerned to take additional appropriate measures to ensure that such heads or officer are or become suitable for the position concerned.

As soon as any new facts or other circumstances that could affect the suitability of the heads of internal control functions and the chief financial officer become known, the entities referred to in paragraph 5 shall reassess the suitability of those heads and that officer, and shall inform without undue delay the competent authority thereof.

Where the competent authority becomes aware that the relevant information concerning the suitability of the heads of internal control functions and the chief financial officer has changed and such change could affect the suitability of the heads or of the officer concerned, the competent authority shall reassess their suitability.

Competent authorities shall not be required to reassess the suitability of such heads or officer when their contract is renewed or extended, unless relevant information that is known to competent authorities has changed and such change could affect the suitability of the heads or officer concerned.

At least with respect to the appointment of those heads of internal control functions and that chief financial officer for positions in the entities referred to in paragraph 5, competent authorities shall duly consider setting a maximum period for concluding the suitability assessment. That maximum period may be extended, where appropriate.

7.   Competent authorities may request the authority responsible for the supervision of anti-money laundering or counter-terrorist financing in accordance with Directive (EU) 2015/849 to consult, in the context of their verifications, and on a risk-sensitive basis, the relevant information concerning the heads of internal control functions and the chief financial officer. Competent authorities may also request access to the central AML/CFT database referred to in Regulation (EU) 2024/1620. The Authority for Anti-Money Laundering and Countering the Financing of Terrorism shall decide whether to grant such access.

8.   By 10 July 2026, EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, on the following:

(a)

the notions of good repute, honesty and integrity as referred to in paragraph 1;

(b)

the notion of sufficient knowledge, skills and experience as referred to in paragraph 1;

(c)

the criteria to determine whether there are reasonable grounds to suspect that money laundering or terrorist financing within the meaning of Article 1 of Directive (EU) 2015/849 is being or has been committed or attempted, or that there is an increased risk thereof, in connection with the entity.

For the purposes of the first subparagraph, point (c), EBA shall closely cooperate with ESMA and with the Authority for Anti-Money Laundering and Countering the Financing of Terrorism.’

;

(32)

Article 92 is amended as follows:

(a)

in paragraph 2, points (e) and (f) are replaced by the following:

‘(e)

staff engaged in internal control functions are independent of the business units they oversee, have appropriate authority, and are remunerated in accordance with the achievement of the objectives linked to their functions, independent of the performance of the business areas they control;

(f)

the remuneration of the heads of internal control functions is directly overseen by the remuneration committee referred to in Article 95 or, if such a committee has not been established, by the management body in its supervisory function;’

;

(b)

in paragraph 3, point (b) is replaced by the following:

‘(b)

staff members with managerial responsibility over the institution’s internal control functions or material business units;’

;

(33)

Article 94 is amended as follows:

(a)

in paragraph 1, point (a) is replaced by the following:

‘(a)

where remuneration is performance related, the total amount of remuneration is based on a combination of the assessment of the performance of the individual and of the business unit concerned and of the overall results of the institution and when assessing individual performance, financial and non-financial criteria are taken into account, including the treatment of the risks referred to in Article 76(2);’

;

(b)

in paragraph 2, third subparagraph, point (a) is replaced by the following:

‘(a)

managerial responsibility and internal control functions;’

;

(c)

in paragraph 3, point (a) is replaced by the following:

‘(a)

an institution that is not a large institution and the value of the assets of which is on average and on an individual basis, in accordance with this Directive and Regulation (EU) No 575/2013, equal to or less than EUR 5 billion over the four-year period immediately preceding the current financial year;’

;

(34)

in Article 97(4), the second subparagraph is replaced by the following:

‘When conducting the review and evaluation referred to in paragraph 1 of this Article, competent authorities shall apply the principle of proportionality in accordance with the criteria disclosed pursuant to Article 143(1), point (c). In particular, for the purpose of conducting the review and evaluation of an institution, the competent authority may consider whether all of the following conditions are met:

(a)

the institution is not a G-SII, a non-EU G-SII, or a G-SII entity in accordance with Regulation (EU) No 575/2013;

(b)

the institution has not been identified as an other systemically important institution (O-SII) in accordance with Article 131(1) and (3) of this Directive;

(c)

the institution is part of a group where the parent institution and the vast majority of the subsidiary institutions are related to each other as described in Article 22 of Directive 2013/34/EU;

(d)

the subsidiary institutions referred to in point (c) of this subparagraph meet all of the following conditions:

(i)

they qualify, or the vast majority of them qualify, as mutuals, cooperative societies or savings institutions in accordance with Article 27(1), point (a), of Regulation (EU) No 575/2013 and the applicable national law includes a cap or restriction on the maximum level of distributions;

(ii)

on an individual or sub-consolidated basis, their total assets do not exceed EUR 30 billion.’

;

(35)

Article 98 is amended as follows:

(a)

in paragraph 1, the following point is added:

‘(k)

the extent to which the institutions have put in place appropriate policies and operational actions related to quantifiable targets and milestones set out in the plans to be prepared in accordance with Article 76(2).’

;

(b)

the following paragraphs are added:

‘9.   The review and evaluation performed by competent authorities shall include the assessment of institutions’ governance and risk management processes for dealing with ESG risks, as well as of the institutions’ exposures to ESG risks. In determining the adequacy of institutions’ processes and exposures, competent authorities shall take into account the business models of those institutions.

Institutions’ exposures to ESG risks shall be assessed also on the basis of institutions’ plans to be prepared in accordance with Article 76(2). Institutions’ governance and risk management processes with regard to ESG risks shall be brought into line with the objectives set out in those plans.

The review and evaluation performed by competent authorities shall include the assessment of the institutions’ plans to be prepared in accordance with Article 76(2), as well as of the progress made towards addressing the ESG risks arising from the process of adjustment towards climate neutrality and towards other relevant Union regulatory objectives in relation to ESG factors.

10.   The review and evaluation performed by competent authorities shall include the assessment of institutions’ governance and risk management processes for crypto-asset exposures and the provision of crypto-asset services, including by considering institutions’ policies and procedures for identifying risks, as well as the adequacy of the results of the assessments referred to in Article 79, point (e), and Article 83(4).’

;

(36)

in Article 100, the following paragraphs are added:

‘3.   Institutions and third parties acting in a consulting capacity to institutions in the context of stress testing exercises shall refrain from activities that can impair a stress test, such as benchmarking, exchange of information among themselves, agreements on common behaviour, or optimisation of their submissions for stress tests. Without prejudice to other relevant provisions laid down in this Directive and in Regulation (EU) No 575/2013, competent authorities shall have all information gathering and investigatory powers that are necessary to detect those activities.

4.   EBA, EIOPA and ESMA shall, through the Joint Committee referred to in Article 54 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010, develop guidelines to ensure that consistency, long-term considerations and common standards for assessment methodologies are integrated into the stress testing of ESG risks. The Joint Committee shall publish those guidelines by 10 January 2026. EBA, EIOPA and ESMA shall, through that Joint Committee, explore how social and governance related risks can be integrated into stress testing.’

;

(37)

in Article 101, paragraph 3 is replaced by the following:

‘3.   If for a trading desk using an internal market risk model, results of back-testing or the profit and loss attribution test indicate that the model is no longer sufficiently accurate, the competent authorities shall review the conditions for the permission for using the internal model or impose appropriate measures to ensure that the model is improved promptly.’

;

(38)

Article 104 is amended as follows:

(a)

paragraph 1 is amended as follows:

(i)

the introductory wording is replaced by the following:

‘For the purposes of Article 97, Article 98(1), (4), (5), (9) and (10), Article 101(4) and Article 102 of this Directive and of the application of Regulation (EU) No 575/2013, competent authorities shall have at least the power to:’

;

(ii)

point (e) is replaced by the following:

‘(e)

restrict or limit the business, including with regard to the acceptance of deposits, the operations or network of institutions or to request the divestment of activities that pose excessive risks to the soundness of an institution;’

;

(iii)

the following points are added:

‘(m)

require institutions to reduce the risks arising in the short, medium and long term from ESG factors, including those arising from the process of adjustment and from transition trends in the context of the relevant Union, Member States or third-country legal and regulatory objectives, through adjustments to their business strategies, governance and risk management for which a reinforcement of the targets, measures, and actions included in their plans to be prepared in accordance with Article 76(2) could be requested;

(n)

require institutions to undertake stress testing or scenario analysis to assess risks arising from crypto-asset exposures and from the provision of crypto-asset services.’

;

(b)

the following paragraph is added:

‘4.   EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, to specify how competent authorities can identify whether the credit valuation adjustment risk of institutions, referred to in Article 381 of Regulation (EU) No 575/2013, poses excessive risks to the soundness of those institutions.’

;

(39)

Article 104a is amended as follows:

(a)

in paragraph 3, the second subparagraph is replaced by the following:

‘Where additional own funds are required to address the risk of excessive leverage not sufficiently covered by Article 92(1), point (d), of Regulation (EU) No 575/2013, competent authorities shall determine the level of the additional own funds required under paragraph 1, point (a), of this Article as the difference between the capital considered adequate pursuant to paragraph 2 of this Article, except for the fifth subparagraph thereof, and the relevant own funds requirements set out in Parts Three and Seven of Regulation (EU) No 575/2013.’

;

(b)

the following paragraphs are added:

‘6.   Where an institution becomes bound by the output floor laid down in Article 92(3) of Regulation (EU) No 575/2013, the following shall apply:

(a)

the nominal amount of additional own funds required by the institution’s competent authority in accordance with Article 104(1), point (a), to address risks other than the risk of excessive leverage is not to increase as a result of the institution becoming bound by the output floor;

(b)

the institution’s competent authority shall, without delay, and in any event no later than the end date of the next review and evaluation process, review the additional own funds it required from the institution in accordance with Article 104(1), point (a), and remove any parts thereof that would double-count the risks that are already fully covered by the fact that the institution is bound by the output floor;

(c)

as soon as the competent authority has completed the review referred to in point (b) of this subparagraph, point (a) of this subparagraph shall no longer apply.

For the purposes of this Article and Articles 131 and 133 of this Directive, an institution shall be considered as bound by the output floor when the institution’s total risk exposure amount calculated in accordance with Article 92(3), first subparagraph, of Regulation (EU) No 575/2013 exceeds its un-floored total risk exposure amount calculated in accordance with Article 92(4) of that Regulation.

7.   By 10 April 2025, EBA shall issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, to further specify how to operationalise the requirements set out in paragraph 6 of this Article, and in particular:

(a)

how competent authorities are to reflect in their supervisory review and evaluation process the fact that an institution has become bound by the output floor;

(b)

how competent authorities and institutions are to communicate and disclose the impact on supervisory requirements of an institution becoming bound by the output floor.

8.   For the purposes of paragraph 2, as long as an institution is bound by the output floor, the institution’s competent authority shall not impose an additional own funds requirement that would double-count the risks that are already fully covered by the fact that the institution is bound by the output floor.’

;

(40)

in Article 104b, the following paragraph is inserted:

‘4a.   Where an institution becomes bound by the output floor, its competent authority may review its guidance on additional own funds communicated to that institution to ensure that its calibration remains appropriate.’

;

(41)

in Article 106, paragraph 1 is replaced by the following:

‘1.   Member States shall empower the competent authorities to:

(a)

require institutions to publish the information referred to in Part Eight of Regulation (EU) No 575/2013 more frequently than required by Articles 433 to 433c of that Regulation;

(b)

set deadlines for institutions, other than small and non-complex institutions, to submit disclosure information to EBA for its publication on the EBA website for centralised disclosures;

(c)

require institutions to use specific media and locations for publications, other than the EBA website for centralised disclosures, or the financial statements of institutions.

By 10 July 2025, EBA shall, taking into consideration Part Eight of Regulation (EU) No 575/2013, issue guidelines, in accordance with Article 16 of Regulation (EU) No 1093/2010, to specify the requirements set out in paragraph 1 of this Article.’

;

(42)

in Title VII, Chapter 3, the following Section is inserted before Section I:

‘SECTION I

Application of this Chapter to investment firm groups

Article 110a

Scope of application to investment firm groups

This Chapter applies to investment firm groups, as defined in Article 4(1), point (25), of Regulation (EU) 2019/2033, where at least one investment firm in that group is subject to Regulation (EU) No 575/2013 pursuant to Article 1(2) or (5) of Regulation (EU) 2019/2033.

This Chapter does not apply to investment firm groups where no investment firm in that group is subject to Regulation (EU) No 575/2013 pursuant to Article 1(2) or (5) of Regulation (EU) 2019/2033.’

;

(43)

Article 121 is replaced by the following:

‘Article 121

Qualification of members of the management body

Member States shall require that the members of the management body of a financial holding company or mixed financial holding company, other than those that have been granted approval in accordance with Article 21a(1), be of sufficiently good repute and possess sufficient knowledge, skills and experience as referred to in Article 91(1) to perform those duties, taking into account the specific role of a financial holding company or mixed financial holding company. The financial holding companies or mixed financial holding companies shall have the primary responsibility for ensuring the suitability of the members of their management body.’

;

(44)

Article 131 is amended as follows:

(a)

in paragraph 5a, the second subparagraph is replaced by the following:

‘Within six weeks of receipt of the notification referred to in paragraph 7 of this Article, the ESRB shall provide the Commission with an opinion as to whether the O-SII buffer is deemed appropriate. EBA may also provide the Commission with its opinion on the buffer in accordance with Article 16a(1) of Regulation (EU) No 1093/2010.’

;

(b)

in paragraph 6, the following point is added:

‘(c)

where an O-SII becomes bound by the output floor, its competent authority or designated authority shall review, by a date no later than the date of the annual review referred to in point (b), the institution’s O-SII buffer requirement in order to ensure that its calibration remains appropriate.’

;

(c)

in paragraph 15, the second subparagraph is replaced by the following:

‘Where the sum of the systemic risk buffer rate as calculated for the purposes of Article 133(10), (11) or (12) and the O-SII buffer rate or the G-SII buffer rate to which the same institution is subject to would be higher than 5 %, the procedure set out in paragraph 5a of this Article shall apply. For the purposes of this paragraph, where the decision to set a systemic risk buffer, O-SII buffer or G-SII buffer results in a decrease or no change from any of the previously set rates, the procedure set out in paragraph 5a of this Article shall not apply.’

;

(45)

Article 133 is amended as follows:

(a)

paragraph 1 is replaced by the following:

‘1.   Each Member State shall ensure that it is possible to set a systemic risk buffer of Common Equity Tier 1 capital for the financial sector or one or more subsets of that sector on all or a subset of exposures as referred to in paragraph 5 of this Article, in order to prevent and mitigate macroprudential or systemic risks, including macroprudential or systemic risks arising from climate change, not covered by Regulation (EU) No 575/2013 and by Articles 130 and 131 of this Directive, that is to say a risk of disruption in the financial system with the potential to have serious negative consequences for the financial system and the real economy in a specific Member State.’

;

(b)

paragraph 8 is amended as follows:

(i)

point (c) is replaced by the following:

‘(c)

the systemic risk buffer is not to be used to address any of the following:

(i)

risks that are covered by Articles 130 and 131 of this Directive;